1 (888) 400-5530
Toll-Free, No-Cost
Victim Assistance

Identity Theft Consumer Guide

Identity Theft Resource Center BBB Business Review

 

Press Release - 2007 Breach List

Posted in: ITRC Surveys & Studies
By Identity Theft Resource Center
Jan 8, 2008 - 2:45:05 PM


Printer friendly page

SECURITY BREACHES
Updated 1/8/2008

Information management is critically important to all of us – as employees and consumers.  For that reason, the Identity Theft Resource Center has been tracking security breaches for the past three years, looking for patterns, new trends and any information that may help us better protect data and assist companies in their activities.

Question:  How many large breaches have there been and how many people have been potentially affected?
 In 2006, there were in excess of 312 publicized breaches affecting nearly 20 million individuals.  Based on ITRC’s categorization, the breaches break down as follows: 29% government/military agencies; 28% from educational institutions; 22% from general businesses; 13% from health care facilities / companies; and 8% from banking / credit / financial services entities.  In 2005, there were 158 incidents affecting more than 64.8 million people.

Click here for 2007 ITRC Breach Report. Click here for the 2007 ITRC Breach Stats Report broken down by categories which includes the percentages for each category (business, financial/credit, educational, governmental/military, and health care)

Please check regularly as this list will be updated weekly.

Click here for the final 2006 ITRC Breach List. Click here for the 2005 ITRC Breach List.

Question:  Are there other website with articles about breaches?
 Yes - two that we recommend are http://attrition.org/dataloss/  and http://www.pogowasright.org/index.php?topic=Breaches

Both of these sites have stored articles that are well documented.  They also include paper breaches and breaches from other countries which ITRC does not include on its list.

Question: Are there more security breaches now than ever before?
This question is hard to answer. More companies are revealing that they have had a data breach, either due to laws or public pressure. Our sense is that two things are happening - the criminal population is stealing more data from companies AND that we are hearing more about the breaches. ITRC has been tracking breaches since 2001. One thing we absolutely can say is that this is NOT a new problem.

Question: Are all breaches alike?
No - security breaches can be broken down into a number of categories. What they have in common is that they contained personal identifying information in a format easily read by thieves, in other words, not encrypted.

  • Lost or stolen laptops, computers or other computer storage devices
  • Backup tapes lost in transit because they were not sent either electronically or with a human escort
  • Hackers breaking into systems
  • Employees stealing information or allowing access to information
  • Information bought by a fake business
  • Poor business practices- for example sending postcards with Social Security numbers on them
  • Internal security failures
  • Viruses, Trojan Horses and computer security loopholes
  • Info tossed into dumpsters- improper disposition of information

Question: What can I do if I am a victim of a breach?
 That depends - if your Social Security number has been compromised you need to place a fraud alert on your credit reports immediately and order your free victim of id theft credit reports.  However keep in mind that not all thieves use the information immediately so check your report again in about 3 months. You can use your free annual credit report to do this - 877-322-8228.  We suggest you stagger your orders so you can see at least one report every four months.

If a financial account or credit card is affected, close that account (and only the affected account/card). Ask the company to mark it - closed due to security breach and by consumer request.

If you are not sure your account was affected, monitor your bank and credit card billing statements carefully, looking for small charges you didn't make. It is not uncommon for a thief to try to make a $5-20 purchase to see if the card is still open. They don't all make large charges that you would notice immediately. Remember to contact any company that automatically deducts a payment from a credit card you might have to close.

The worst thing you can do is to overreact.

For more information on breaches and what to do, please read ITRC’s Fact Sheet 129 I Received a Breach Letter - What Do I Do Now? 
View the 2007 ITRC Breach Report
View the 2007 ITRC Breach Stats Report
View the 2006 ITRC Breach List
View the 2005 ITRC Breach List
Contact Us | Privacy Policy | Legal Notice | Site Map  
Copyright © Identity Theft Resource Center. All rights reserved.
Web design by Savvy Sites.