2011 ITRC Breach Report Key Findings

  • Hacking(1) attacks were responsible for more than one-quarter (26.1%) of the data breaches recorded in the Identity Theft Resource Center’s 2011 Breach Report, hitting a five-year all time high. This was followed by Data on the Move(2) and Insider Theft, at 18.5% and 13.3% respectively.
  • Over the past five years, hacking and “data on the move” have alternately held the top two spots for Type of Breach, as defined by the ITRC.
  • Paper breaches accounted for 16.2% of “known” breaches and typically go unnoticed until a consumer reports the problem to local media. At this time, paper breaches do not trigger breach notifications in most states, so consumers are not alerted to the fact that there personal identifying information has been exposed.
  • Malicious attacks (defined by the ITRC as a combination of hacking and insider theft) accounted for nearly 40% of the recorded breaches.
  • 61.8% of the breaches reported involved exposure of Social Security Numbers.  26.4% involved credit or debit cards

(1)  Hacking is defined as a targeted intrusion into a data network, includes skimming.

(2)  Data on the move is defined as “when an electronic storage device, laptop or paper folders leave the office where it is normally stored. This would include data in transport to a storage location.” Other sub-categories include: Insider/Employee Theft, Accidental Exposure and Subcontractor (3rd party vendor).

ITRC has been tracking and compiling statistics on data breaches since 2005 – view the multi-year report