DailyTech - Personal Data Theft Reaches Record High

Submit News

IT Personal Data Theft Reaches Record High
Wolfgang Hansson (Blog) - January 2, 2008 12:00 AM

5 comment(s) - last by CascadingDarkn.. on Jan 2 at 1:14 PM

Non-profit groups list 2007 as worst year ever for personal data theft

For many who work and play online and carry sensitive information on their computers, security and privacy are often major concerns. Unfortunately for all of us, we aren’t the only source of potential information loss when it comes to our own personal information.

Two non-profit groups, the Identity Theft Resource Center and Attrition.org, say that 2007 was a record setting year for data breaches in the United States. Linda Foley, founder of the Identity Theft Resource Center, told the AP, “More of them [companies] are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be.”

Foley’s group lists over 79 million reported compromised records in the U.S. from the beginning of 2007 through December 18, 2007. There were about 20 million reported compromised records in 2006.

Attrition.org’s estimates show that about 162 million records were compromised through December 21, 2007 in the U.S. and overseas. Brian Martin from Attrition.org told the AP, “It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year. I imagine the total records compromised will steadily climb."

There is one major similarity between the lists of compromised records held by the two groups: the massive data breach of TJX who owns both Marshalls and T.J. Maxx discount stores. This single security breach accounts for about 46 million of the records on both lists. DailyTech previously reported on this breach that occurred in May of 2007 within the TJX credit card processing system.

Not all breaches of data security are the result of hackers actively breaking into an organization’s servers and stealing information. The personal information of 25 million citizens was lost when the UK government lost two discs that stored the data.

Comments

Threshold

Username
Password
remember me

This article is over a month old, voting and posting comments is disabled

RE: Consequence

By marvdmartian on 1/2/2008 9:40:22 AM , Rating: 2

I can't say I'd agree with your first part, as you set no conditions on it. Now if it were found that the company in question was negligent, then I could see them being punished for their actions (or inaction, as it were), but an automatic payout for an honest mistake that caused no harm would either put companies out of business, or force them to carry more liability insurance to cover such a happenstance, the cost of which will be passed on to.....?? Anyone? Anyone?? Yeah, that's right, the consumer.

Like I said, though, it should be a given that negligence on a company's (or individual's) part should be punished, just as it would be for any other action where the negligence is the sole contributing factor. If you drive your car in the rain with bad tires, knowing you have bad tires, and skid out of control and kill someone, you're negligence was the contributing factor, and you should be punished. So too if your negligence causes financial hardship to an individual.

It's sad that it's going to likely take negative reinforcement in order to get companies to get more serious about protecting people's information, but that seems to be human nature. When given the choice between the carrot and the stick, most of us end up receiving the stick, in order to get the work done.

Parent

RE: Consequence

By CascadingDarkness on 1/2/2008 1:14:23 PM , Rating: 2

You seem to have to lenient idea in my opinion. Working in IT there isn't really anything I would consider an honest mistake short of inside job. Some people need to be trusted to not steal personal data, to an extend. They shouldn't have access to millions of records, but some. Other than that I don't think anything could be qualified as an honest mistake.

Is firewall ports not being closed an honest mistake? Cleaning service having access to private data in a recycle bin?

Protecting personal data is the companie's responsibility. If they fail they need to be held responsible. No, sending out fliers that say, 'Our bad, hope your identity doesn't get stolen'. Yeah, bad PR hurts them, but that isn't enough IMHO. I think they should be held responsible to provide a monitoring service you can opt-in to help be sure that doesn't happen for something like three years.

This doesn't even touch the likely huge amounts of breaches, lost data that goes unreported, both because the company keeps it quiet, and those they don't even notice.

Parent

"Folks that want porn can buy an Android phone." -- Steve Jobs