Reports of data breaches in the United States increased 47 percent in 2008 from the year before, mostly as a result of lost or stolen equipment, and accidental exposure of data online, according to a new study from the nonprofit Identity Theft Resource Center.
There were 656 reports of breaches last year, compared with 446 for 2007, and an estimated 35.7 million records were potentially breached based on notification letters and information from breached companies, the study released this week found.
The breaches run the gamut, including: laptops stolen from Merrill Lynch and Starbucks; bank card information stolen from fake card readers at gas stations in Georgia; Ohio State University student Social Security numbers exposed on the Internet; a former Library of Congress employee using co-workers' data to open bogus credit card accounts; a Seattle school district inadvertently releasing teacher data to a union; financial information on mortgage files abandoned outside a Boise recycling center; and the World Bank Group's computer network being penetrated.
The reports of insider theft more than doubled to represent 15.7 percent of the breaches, while more than a third of the breaches were a result of data on the move, such as stolen laptops, and accidental exposure.
Breaches from data theft by employees doubled, to nearly 16 percent, while hacking and use of data-stealing software represented about 14 percent of the breaches. Only 2.4 percent of all breaches had encryption or other protection methods in use, and only 8.5 percent of victims using password protection.
More than 80 percent of the breaches were electronic in nature, with the rest involving paper documents.