July 7, 2006

Less than 1% of Data Records Breached Result in Identity Theft

The non-profit Privacy Rights Clearinghouse has compiled a summary of all the published data breaches since the ChoicePoint breach in Feb 2005:

TOTAL number of records containing sensitive personal information involved in security breaches: 88,795,619

When will the madness stop? The real challenge is knowing which of these breaches is meaningful. The best data (pdf) I’ve seen says that only 8.9 million people actually reported having their identities stolen, and that number is actually decreasing:

In the last twelve months, 8.9 million American adults (4.0% of US adult population) became victims of identity fraud, an 11.9% decrease from 2003.

Also, if this data is right, 90% of those breaches were by non-electronic means. By my count, that means that less than 1% (~890,000 people) were actually affected by a data breach. While this is a significant number, it’s not the crisis the news makes it out to be.

What’s happening with the other 99% of these records? They are lost. People lose things.
We need something other than data breach reporting. They are becoming so common, and actually affecting so few people, that the noise is drowning out the true signal of what people should be worried about.

Until we get sensible regulations about these things, there are a few things that security professionals can be doing to make sure their company doesn’t add to the statistics:

  • Encrypt portable devices - laptops, thumb drives, etc.
  • Encrypt backup tapes
  • Implement good access controls on the databases where sensitive data is held.
  • Educate users about the risks. Use all the examples in the PRC’s report to make your point.
  • Pray.

A Chronology of Data Breaches Reported Since the ChoicePoint Incident [privacyrights.org]

2006 Identity Fraud Survey Report (PDF) [Javelin Strategy and Research]

Also useful is the PRC’s link to the Consumers Union compilation of all the relevant state laws. When can we get one national standard?

Notice of Security Breach State Laws (PDF) [Consumers Union]
