Data breaches jumped in 2008, ITRC report finds

By Marcia Savage, Features Editor, Information Security magazine 07 Jan 2009 | SearchFinancialSecurity.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Despite being proactive when it comes to data security, the financial-services industry saw an increase in the number of data breach reports last year, according to a report released Tuesday by the Identity Theft Resource Center.

SearchFinancialSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007.

Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the center said.

Only 2.4% of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5% involved password protection. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the ITRC said in a prepared statement.

Data breach lessons: Lessons learned: The Countrywide Financial breach: The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama. Lessons learned: The Montgomery Ward breach: When Montgomery Ward suffered a breach, it took them six months before they began to alert customers. Lessons learned: The State Street Corp. breach: Learn what led to the data breach at State Street and how you can avoid such breaches at your financial firm.   Lessons learned: The Citibank ATM breach: Learn what went wrong with the Citibank ATM breach and how your financial organization can protect itself from the same danger.

Malware attacks, hacking and insider theft accounted for nearly 30% of breaches that cited a cause. According to the ITRC, insider theft more than doubled between 2007 and 2008, accounting for 15.7% of the breaches.

Of the five sectors the Identity Theft Resource Center studies – business, educational, government/military, health/medical and financial/credit – the financial-services industry had the lowest percentage of the total number of breaches, which has not changed in the three years that the ITRC has monitored data breaches.

"The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said.

Still, financial institutions were among those reporting some of the biggest breaches last year. The Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.

Atlanta-based RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, on Dec. 23 reported that personal information of about 1.5 million pre-paid cardholders and the Social Security numbers of 1.1 million individuals were compromised when its computer system was hacked.

Tags: Data breaches and prevention strategies,  State data security breach laws,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breaches and prevention strategies Bank computer technician indicted in identity theft scheme Survey: Consumers don't trust banks to keep their data secure ChoicePoint settles with FTC over second data security breach Data breach lawsuit puts spotlight on bank's security measures Google ordered to deactivate Gmail account after bank email error Threat of insider fraud growing with bad economy Data breach protection: Implementing vendor breach safeguards Zeus Trojan hitting banking customers hard TJX settles with banks for $525,000 RBS WorldPay agrees to market VeriFone end-to-end encryption State data security breach laws Keeping up with state data protection laws Massachusetts data protection law has mixed impact on financials Download presentations from Financial Information Security Decisions 2009 Understanding the impact of new state data protection laws Complying with breach notification laws Opinion: Government misses its chance to protect data Flurry of state disclosure laws creates confusion for CISOs Data breach law could put financial burden on retailers Governor rejects data security law

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Governance, Risk and Compliance  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary