Print

Email story

Comment

Letter to the editor

Data breaches climb in '07

The amount of personal information stolen or misplaced has reached record levels.

BOSTON - The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around any time soon as hackers stay a step ahead of security and laptops disappear with sensitive information.

And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little, too late.

"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.

Foley's group lists more than 79-million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20-million records reported in all of 2006.

Another group, Attrition.org, estimates more than 162-million records compromised through Dec. 21 in the United States and overseas. Attrition reported 49-million last year.

"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb."

With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability.

The two nonprofit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.

"A lot of breaches are due to inadequate information handling, such as laptop computers with Social Security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system."

Fast facts

Major cases in '07

-Discount retailer TJX Cos. reports hackers accessed at least 46-million customer records, primarily credit card data. Banks later estimate the breach involved at least 94-million records.

-Britain's tax and customs department loses two computer disks containing personal information for about 25-million people.

-Dai Nippon Printing Co., a Japanese printing company, says a former contract worker stole nearly 9-million pieces of private data.

-A check-authorizing subsidiary of Fidelity National Information Services says data on 8.5-million consumers was stolen, allegedly by a former employee.

-Online brokerage TD Ameritrade Holding Corp. said a database was hacked and contact information for more than 6.3-million customers was stolen.

-The online job site Monster Worldwide Inc. found that data from resumes of 1.3-million people were taken.

[Last modified December 31, 2007, 01:02:45]