Reports of data breaches increased dramatically in 2008.   The Identity Theft Resource Center’s 2008 breach report reached 656 reported breaches at the end of 2008, reflecting an increase of 47% over last year’s total of 446.

The ITRC tracks five categories of data loss methods: data on the move, accidental exposure, insider theft, subcontractors, and hacking.   Subcontractor breaches, while counted as one breach each, in some cases affected dozens of companies.   It is important to note that the number of breaches reported does not reflect the number of companies affected.

The ITRC breach list is a compilation of breaches confirmed by various media sources and notification lists from state governmental agencies.   ITRC uses several websites to help search for verifiable breaches, such as (aka Pogowasright),, and   To qualify breaches must include personal identifying information that could lead to identity theft, especially the loss of Social Security numbers.

ITRC has been tracking and compiling statistics on data breaches since 2005 – view the multi-year report