Despite being proactive when it comes to data security, the financial-services industry saw an increase in the number of data breach reports last year, according to a report released Tuesday by the Identity Theft Resource Center.
San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007.
Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the center said.
Only 2.4% of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5% involved password protection. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the ITRC said in a prepared statement.
Malware attacks, hacking and insider theft accounted for nearly 30% of breaches that cited a cause. According to the ITRC, insider theft more than doubled between 2007 and 2008, accounting for 15.7% of the breaches.
Of the five sectors the Identity Theft Resource Center studies – business, educational, government/military, health/medical and financial/credit – the financial-services industry had the lowest percentage of the total number of breaches, which has not changed in the three years that the ITRC has monitored data breaches.
"The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said.
Still, financial institutions were among those reporting some of the biggest breaches last year. The Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.
Atlanta-based RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, on Dec. 23 reported that personal information of about 1.5 million pre-paid cardholders and the Social Security numbers of 1.1 million individuals were compromised when its computer system was hacked.