News Stay informed about the latest enterprise technology news and product updates.

Data breaches jumped in 2008, ITRC report finds

The financial-services industry is better at security than others, but it still sees an uptick in breach reports, according to a new study.

Despite being proactive when it comes to data security, the financial-services industry saw an increase in the number of data breach reports last year, according to a report released Tuesday by the Identity Theft Resource Center.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007.

Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the center said.

Only 2.4% of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5% involved password protection. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the ITRC said in a prepared statement.

Data breach lessons:
Lessons learned: The Countrywide Financial breach: The data breach at Countrywide Financial Corp. seems like something out of a TV crime drama.

Lessons learned: The Montgomery Ward breach: When Montgomery Ward suffered a breach, it took them six months before they began to alert customers.

Lessons learned: The State Street Corp. breach: Learn what led to the data breach at State Street and how you can avoid such breaches at your financial firm.
Lessons learned: The Citibank ATM breach: Learn what went wrong with the Citibank ATM breach and how your financial organization can protect itself from the same danger.

Malware attacks, hacking and insider theft accounted for nearly 30% of breaches that cited a cause. According to the ITRC, insider theft more than doubled between 2007 and 2008, accounting for 15.7% of the breaches.

Of the five sectors the Identity Theft Resource Center studies – business, educational, government/military, health/medical and financial/credit – the financial-services industry had the lowest percentage of the total number of breaches, which has not changed in the three years that the ITRC has monitored data breaches.

"The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said.

Still, financial institutions were among those reporting some of the biggest breaches last year. The Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.

Atlanta-based RBS WorldPay, the U.S. payment processing arm of the Royal Bank of Scotland, on Dec. 23 reported that personal information of about 1.5 million pre-paid cardholders and the Social Security numbers of 1.1 million individuals were compromised when its computer system was hacked.

Dig Deeper on Data breaches and prevention strategies

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.