Data breaches jumped in 2008, ITRC report finds

By Marcia Savage, Features Editor, Information Security magazine 07 Jan 2009 | SearchFinancialSecurity.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Despite being proactive when it comes to data security, the financial-services industry saw an increase in the number of data breach reports last year, according to a report released Tuesday by the Identity Theft Resource Center.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007.

Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the center said.

Only 2.4% of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5% involved password protection. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the ITRC said in a prepared statement.

Data breach lessons: Lessons learned: The Countrywide Financial breach: The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama. Lessons learned: The Montgomery Ward breach: When Montgomery Ward suffered a breach, it took them six months before they began to alert customers. Lessons learned: The State Street Corp. breach: Learn what led to the data breach at State Street and how you can avoid such breaches at your financial firm.   Lessons learned: The Citibank ATM breach: Learn what went wrong with the Citibank ATM breach and how your financial organization can protect itself from the same danger.

Malware attacks, hacking and insider theft accounted for nearly 30% of breaches that cited a cause. According to the ITRC, insider theft more than doubled between 2007 and 2008, accounting for 15.7% of the breaches.

Of the five sectors the Identity Theft Resource Center studies – business, educational, government/military, health/medical and financial/credit – the financial-services industry had the lowest percentage of the total number of breaches, which has not changed in the three years that the ITRC has monitored data breaches.

"The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said.

Still, financial institutions were among those reporting some of the biggest breaches last year. The Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.

Atlanta-based RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, on Dec. 23 reported that personal information of about 1.5 million pre-paid cardholders and the Social Security numbers of 1.1 million individuals were compromised when its computer system was hacked.

Tags: Data breaches and prevention strategies,  State data security breach laws,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breaches and prevention strategies Financial security pros expect improved funding in second half of 2009 Download presentations from Financial Information Security Decisions 2009 Banks using Twitter need to proceed with caution, experts say ATM malware used in Russia lets attackers control machines Aetna notifies 65,000 of job website breach Heartland breach cost $12.6 million, CEO says Data governance and classification Former Federal Reserve Bank employee arrested Data encryption: Lessons learned from implementation Data encryption: Q&A with Eric Leighninger State data security breach laws Download presentations from Financial Information Security Decisions 2009 Understanding the impact of new state data protection laws Complying with breach notification laws Opinion: Government misses its chance to protect data Flurry of state disclosure laws creates confusion for CISOs Data breach law could put financial burden on retailers Governor rejects data security law

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Governance, Risk and Compliance  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary