Study Analyzes 16 Months of Data Breaches
A new report on consumer data breaches recorded over the past 16 months indicates that hacking remains the most frequent source of data theft and loss, with breaches reported by educational institutions making up 43 percent of all reported data thefts or losses.
The study was conducted by the AARP (formerly the American Association of Retired Persons) using data from 244 breaches reported from Jan. 1, 2005, through May 26, 2006. The data was compiled from publicly disclosed security breaches involving information that collectively involved nearly 90 million people, as compiled by the Identity Theft Resource Center, a San Diego-based nonprofit organization.
The study found that criminal hacking was responsible for one-third of all reported breaches, while physical theft of laptops and other data storage media accounted for 29 percent. Twenty-three percent of breaches were the result of sensitive consumer information being improperly displayed, such as on a public Web site. Roughly 7 percent of breaches were caused by employees stealing or selling personal data, while just 2 percent resulted from back-up tapes being lost.
Colleges and universities were more than twice as likely to report a breach as any other entity, followed by government agencies (17 percent) and businesses (15 percent). While educational institutions reported the most largest number of breaches, the total number of potential identity fraud victims of those breaches was just over 3.6 million, far less than the number of potential victims of data breaches, thefts or losses at financial institutions (47 million) and government entities (34.1 million).
According to the study, that statistic holds true even without the two biggest incidents that contributed to those numbers -- the database breach at now-defunct credit card processor CardSystems that jeopardized roughly 40 million credit card accounts, as well as the theft of a laptop from the Department of Veterans Affairs, which contained sensitive data on more than 26 million Americans (the laptop was later recovered).
Taking away those two huge incidents, breaches from insider access and lost back-up tapes accounted for the greatest number of potential victims.
I'll be online today at 11 a.m. ET for my regular Web chat on computer security. Submit a question here.
Posted by: Thomas | September 1, 2006 11:54 AM | Report abuse
Posted by: Bk | September 1, 2006 1:51 PM | Report abuse
Posted by: AmateurHater | September 1, 2006 5:42 PM | Report abuse
Posted by: Steve R. | September 1, 2006 5:44 PM | Report abuse
Posted by: Mila | September 1, 2006 7:34 PM | Report abuse
Posted by: Jordan | September 2, 2006 12:47 AM | Report abuse
Posted by: DieKel9 | September 2, 2006 12:14 PM | Report abuse
Posted by: Paul Misner | September 4, 2006 8:57 PM | Report abuse
Posted by: Chris Walsh | September 12, 2006 10:59 AM | Report abuse
The comments to this entry are closed.