Data Breaches on Rise in 2010 Need for Better Reporting

In an effort to highlight the risks of identity theft and to argue for a centralized database reporting site, the non-profit Identity Theft Resource Center (ITRC) has released its statistics on the number of data breaches in 2010.

The center recorded 662 data breaches last year, noting that the figures are probably under-reported as in many cases there are no requirements for data breaches to be reported.

The ITRC defines a data breach as an event in which an individual's name plus Social Security Number, driver's license number, medical record, or a financial record (including credit card information) is potentially put at risk - either in electronic or paper format.

62 per cent of those breaches reported exposed Social Security Numbers, and 26 per cent involved credit or debt card information.

15.7 per cent of the data breaches involved state and federal agencies and the military. Medical and health care facilities accounted for 24.2 per cent, educational institutions accounted for 9.8 per cent and the banking industry, 8.2 per cent. That leaves businesses as the largest percentage of breaches - 42.1 per cent.

Malicious attacks, according to the report, account for more breaches than human error - the former constitutes about 17 per cent of breaches, while the latter, just 15 per cent. However, almost 40 per cent of those breaches reported did not identify the manner in which information was exposed.

Although the risks of hacked databases often make headlines, the report finds that paper breaches account for nearly 20 per cent of known breaches.

Only 200 of the 662 breaches were credited to information provided by states and agencies with mandatory reporting.

"It is apparent, with few exceptions, that there is no transparency when it comes to reporting breaches," said the ITRC in a statement to the press. "Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events. It is clear that without a mandatory national reporting requirement, that many data breaches will continue to be unreported, or under-reported."

As we've noted before, data security is likely to be an important trend for 2011. The ITRC report makes clear that this isn't simply a matter of developing policies to secure information. It's also about developing a better system - and a mandatory system - for notifying customers of data breaches.

print this article

Return to security news headlines
View Security News Archive

Share with: