According to the Identity Theft Resource Center (ITRC), a non-profit organization dedicated to the prevention of identity theft, reports of data breaches rose dramatically in 2008.
The ITRC press release reported:
"... Only 2.4% of all breaches had encryption or other strong protection methods in use. Only 8.5% of reported breaches had password protection. It is obvious that the bulk of breached data was unprotected by either encryption or even passwords."
The report received widespread coverage around the country. The Washington Post featured the report on the front page of their website yesterday. Here's an excerpt:
"Identity Theft Resource Center of San Diego is set to announce today that some 656 breaches were reported in 2008, up from 446 in the previous year. Nearly 37 percent of the breaches occurred at businesses, while schools accounted for roughly 20 percent of the reported incidents.
The center also found that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008."
I agree with the comments made in the press coverage suggesting new trends in monitoring employees as a result of increased insider threats. However, I also think these numbers reflect the fact that more organizations are complying with state and federal laws which require public notice of data breaches.
What are your thoughts? Are we seeing more stolen information or more organizations "coming clean" on data loss?
Leave a comment