US Data Breach disclosures top 150M records
I have concluded an analysis of the latest data from the not-for-profit Privacy Rights Clearinghouse. Since February 2005 they have been recording a Chronology of Data Breaches that have been made public since the very first US Data Breach disclosure laws have come into effect.
Whilst they are the only worldwide organisation to do this sort of thing (and I'm pretty sure that the US data breach laws are to thank for providing the disclosures) and the data is very US centric, it does provide us with some interesting observations in a field that is so desperately short of statistical data.
I have tabled the analysis of all 391 publicised incidents below:
The main eye-catching observation is how data lost due to stolen laptops,PDA's and computers accounts for 37% of the incidents and 24% of the records lost. I predict a huge uptake by clients in security solutions that encrypt and protect data on portable and mobile devices.
The list of main victims/offendors also makes for interesting reading, showing that even large organisations with big security/IT budgets are at risk:
1. TJ Stores - 45,700,000
2. Card Systems - 40,000,000
3. US Dept Veteran Affairs - 28,600,000
4. CitiFinancial - 3,900,000
5. Circuit City - 2,600,000
6. Chicago board of elections - 1,300,000
7. Bank of America - 1,200,000
8. DSW Retail ventures - 1,400,000
9. Wachovia/Bank of America/Bancorp - 676,000
10.Time Warner - 600,000
11.University of Southern California - 270,000
12.Georgia DMV - x00,000’s
13.LexisNexis - 310,000
14.Ameritrade - 200,000
15.Choicepoint - 145,000
Even more interesting are the notes in the database detailing costs of cleanup/legal fees/lawsuits and fines paid, often running in the tens of millions of dollars. Some criminal/negligence charges are brought against board members of these companies too.
CATEGORIES : 1data breach, 1disclosures, 1laws, 1hacks, 1IDtheft
Whilst they are the only worldwide organisation to do this sort of thing (and I'm pretty sure that the US data breach laws are to thank for providing the disclosures) and the data is very US centric, it does provide us with some interesting observations in a field that is so desperately short of statistical data.
I have tabled the analysis of all 391 publicised incidents below:
The main eye-catching observation is how data lost due to stolen laptops,PDA's and computers accounts for 37% of the incidents and 24% of the records lost. I predict a huge uptake by clients in security solutions that encrypt and protect data on portable and mobile devices.
The list of main victims/offendors also makes for interesting reading, showing that even large organisations with big security/IT budgets are at risk:
1. TJ Stores - 45,700,000
2. Card Systems - 40,000,000
3. US Dept Veteran Affairs - 28,600,000
4. CitiFinancial - 3,900,000
5. Circuit City - 2,600,000
6. Chicago board of elections - 1,300,000
7. Bank of America - 1,200,000
8. DSW Retail ventures - 1,400,000
9. Wachovia/Bank of America/Bancorp - 676,000
10.Time Warner - 600,000
11.University of Southern California - 270,000
12.Georgia DMV - x00,000’s
13.LexisNexis - 310,000
14.Ameritrade - 200,000
15.Choicepoint - 145,000
Even more interesting are the notes in the database detailing costs of cleanup/legal fees/lawsuits and fines paid, often running in the tens of millions of dollars. Some criminal/negligence charges are brought against board members of these companies too.
CATEGORIES : 1data breach, 1disclosures, 1laws, 1hacks, 1IDtheft