SECURITY BREACHES
Updated 05/06/2008
Information management is critically important to all of us - as employees and consumers. For that reason, the Identity Theft Resource Center has been tracking security breaches for the past three years, looking for patterns, new trends and any information that may help us better protect data and assist companies in their activities.
Question:
How many large breaches have there been and how many people have been potentially affected?
In 2007, ITRC documented 446 paper and electronic breaches, potentially affecting more than 127 million records. This is a significant increase from 2006 which listed in excess of 315 publicized breaches affecting nearly 20 million individuals. In 2005 there were 158 incidents affecting more than 64.8 million people.
Based on ITRC’s categorization, the 2007 breaches break down as follows: 24.5% government/military agencies, 24.7% from educational institutions, 29.3% from general businesses, 14.5% from health care facilities / companies, and 7% from banking / credit / financial services entities.
Click here
for the 2008 ITRC Breach report.
Click here
for the 2008 ITRC Breach Stats Report broken down by categories which includes the percentages for each category (business, financial/credit, educational, governmental/military and health care).
Please check regularly as this list is updated weekly.
Click here for
2007 ITRC Breach Report. Click here for the
2007 ITRC Breach Stats Report broken down by categories.
Click here for the final 2006 ITRC Breach List. Click here for the 2005 ITRC Breach List.
Question: Are there other website with articles about breaches?
Yes- two that we recommend are
http://attrition.org/dataloss/
and
http://www.pogowasright.org/index.php?topic=Breaches
Both of these sites have stored articles that are well documented. They also include paper breaches and breaches from other countries which ITRC does not include on its list.
Question:
What criteria is used when assessing a publicized breach?
(
Click here)
Question: Are there more security breaches now than ever before?
This question is hard to answer. More companies are revealing that they have had a data breach, either due to laws or public pressure. Our sense is that two things are happening - the criminal population is stealing more data from companies AND that we are hearing more about the breaches. ITRC has been tracking breaches since 2001. One thing we absolutely can say is that this is NOT a new problem.
Question: Are all breaches alike?
No - security breaches can be broken down into a number of categories. What they have in common is that they contained personal identifying information in a format easily read by thieves, in other words, not encrypted.
Question: What can I do if I am a victim of a breach?
That depends - if your Social Security number has been compromised you need to place a fraud alert on your credit reports immediately and order your free victim of id theft credit reports. However keep in mind that not all thieves use the information immediately so check your report again in about 3 months. You can use your free annual credit report to do this- 877-322-8228. We suggest you stagger your orders so you can see at least one report every four months.
If a financial account or credit card is affected, close that account (and only the affected account/card). Ask the company to mark it- closed due to security breach and by consumer request.
If you are not sure your account was affected, monitor your bank and credit card billing statements carefully, looking for small charges you didn't make. It is not uncommon for a thief to try to make a $5-20 purchase to see if the card is still open. They don't all make large charges that you would notice immediately. Remember to contact any company that automatically deducts a payment from a credit card you might have to close.
The worst thing you can do is to overreact.
For more information on breaches and what to do, please read ITRC’s Fact Sheet 129