
Non-profit groups list 2007 as worst year ever for personal data theft

For many who work and play online and carry sensitive information on their computers, security and privacy are often major concerns. Unfortunately for all of us, we aren’t the only source of potential information loss when it comes to our own personal information.

Two non-profit groups, the Identity Theft Resource Center and, say that 2007 was a record-setting year for data breaches in the United States. Linda Foley, founder of the Identity Theft Resource Center, told the AP, “More of them [companies] are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be.”

Foley’s group lists over 79 million reported compromised records in the U.S. from the beginning of 2007 through December 18, 2007. There were about 20 million reported compromised records in 2006.’s estimates show that about 162 million records were compromised through December 21, 2007 in the U.S. and overseas. Brian Martin from told the AP, “It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year. I imagine the total records compromised will steadily climb.”

There is one major similarity between the lists of compromised records held by the two groups: the massive data breach at TJX, which owns both the Marshalls and T.J. Maxx discount stores. This single security breach accounts for about 46 million of the records on both lists. DailyTech previously reported on this breach, which occurred in May of 2007 within the TJX credit card processing system.

Not all breaches of data security are the result of hackers actively breaking into an organization’s servers and stealing information. The personal information of 25 million citizens was lost when the UK government lost two discs that stored the data.

Comments

By Anosh on 1/2/2008 3:16:34 AM , Rating: 5
If you ask me I'd say these records were lost due to the act not having any direct consequence for the companies or organizations.

If there were consequences I'm sure these organizations would take measures to prevent these kinds of things from ever happening, especially if the consequences are economical.

RE: Consequence
By rdeegvainl on 1/2/2008 6:03:14 AM , Rating: 2
Like a direct payment of 10k to each person whose record they lost, plus covering any expense should they actually be harmed financially because of their blunder.

RE: Consequence
By marvdmartian on 1/2/2008 9:40:22 AM , Rating: 2
I can't say I'd agree with your first part, as you set no conditions on it. Now if it were found that the company in question was negligent, then I could see them being punished for their actions (or inaction, as it were), but an automatic payout for an honest mistake that caused no harm would either put companies out of business, or force them to carry more liability insurance to cover such a happenstance, the cost of which will be passed on to.....?? Anyone? Anyone?? Yeah, that's right, the consumer.

Like I said, though, it should be a given that negligence on a company's (or individual's) part should be punished, just as it would be for any other action where the negligence is the sole contributing factor. If you drive your car in the rain with bad tires, knowing you have bad tires, and skid out of control and kill someone, your negligence was the contributing factor, and you should be punished. So too if your negligence causes financial hardship to an individual.

It's sad that it's going to likely take negative reinforcement in order to get companies to get more serious about protecting people's information, but that seems to be human nature. When given the choice between the carrot and the stick, most of us end up receiving the stick, in order to get the work done.

RE: Consequence
By CascadingDarkness on 1/2/2008 1:14:23 PM , Rating: 2
You seem to have too lenient an idea, in my opinion. Working in IT there isn't really anything I would consider an honest mistake short of an inside job. Some people need to be trusted to not steal personal data, to an extent. They shouldn't have access to millions of records, but some. Other than that I don't think anything could be qualified as an honest mistake.

Is firewall ports not being closed an honest mistake? Cleaning service having access to private data in a recycle bin?

Protecting personal data is the company's responsibility. If they fail they need to be held responsible. No, sending out fliers that say, 'Our bad, hope your identity doesn't get stolen'. Yeah, bad PR hurts them, but that isn't enough IMHO. I think they should be held responsible to provide a monitoring service you can opt-in to help be sure that doesn't happen for something like three years.

This doesn't even touch the likely huge amounts of breaches, lost data that goes unreported, both because the company keeps it quiet, and those they don't even notice.

RE: Consequence
By eye smite on 1/2/2008 12:46:42 PM , Rating: 2
I have to agree with you. I supported a database designed for insurance agencies. One of the customers was Bank of America. They would not implement anything from us without a thorough screening of the updates and certifications for the developer patches. Reason being, they face stiff penalties from the FDIC if any information is compromised, so they stay very secure because of the consequences.
