Data Breaches Rose Sharply In 2008

← Back to Stories (view on slashdot.org)

Data Breaches Rose Sharply In 2008

Posted by CmdrTaco on Wednesday January 7, 2009 @04:44AM from the my-password-is-p4ssw0rd dept.

snydeq writes "According to the Identity Theft Resource Center, more than 35 million data records were breached in the US in 2008. Tracking media reports and disclosures companies are required to make by law, the ITRC noted a 47 percent increase in breaches last year at a range of well-known US companies and government entities. The majority of the lost data was neither encrypted nor protected by a password. A third of the breaches occurred at business entities. One in six breaches were attributed to insider theft, a figure that more than doubled between 2007 and 2008, ITRC said."

8 of 43 comments (clear)

And expected to rise by truthsearch · 2009-01-07 04:50 · Score: 4, Insightful

With increased layoffs and economic hardships I would expect these numbers to go up again this year. On top of the individual motivations for just attempting it, it's unlikely corporations or governments are going to drastically increase security spending this year.

--
Developers: We can use your help.
1. Re:And expected to rise by Thaelon · 2009-01-07 07:05 · Score: 2, Insightful
  
  Rarely should security have to do with spending. Sure, you'll plunk down a chunk of change for a fast firewall to sit between you and the intarwebs, but it's all pretty moot if your employees don't know any better and get password phished, or use Outlook Express and pounce on every cool sound attachment with wanton double clickery.
  In the IT world it's about being smart and educating your users more than anything else. And that just takes one competent IT guy and some face time with the rest of your people.
  
  --
  Question everything
2. Re:And expected to rise by truthsearch · 2009-01-07 08:38 · Score: 2, Insightful
  
  Corporate training costs far more than one IT guy and a little face time. There's materials, conference rooms, continued support, etc. One IT guy would get very tired talking to tens of thousands of people, so a few would be required. Then every employee must commit at least a few hours, which drops productivity. And I'm sure the IT guys would want to implement some related systems, like testing for weak passwords.
  
  --
  Developers: We can use your help.
Getting there by LordAndrewSama · 2009-01-07 04:51 · Score: 4, Funny

more than 35 million data records were breached in the U.S. in 2008.

Pfft, nowhere near the UK yet, keep trying...
Hint: leave the laptop on a train. ;)
Wait, what? by girlintraining · 2009-01-07 04:53 · Score: 5, Insightful

Pardon me for saying, but insider theft in every business aspect has dominated the charts -- over 80% in most cases. Most case studies I've seen in computer security point to this as the overriding concern in setting up corporate networks and systems. And now comes along a report saying that this has been turned on its head and the reverse is true?
I smell a rat, and looking at the name on the report, I think I might have found the cheese too.

--
#fuckbeta #iamslashdot #dicemustdie
Harsher Consequences? by kudokatz · 2009-01-07 05:13 · Score: 4, Interesting

This is just more evidence of what is already widely known: people are generally lax about security matters. What we really need is some way of getting the point across that things like reasonable passwords are turning into a necessity of every-day life.
Both the twitter and Palin e-mail "hackers" just guessed passwords or researched PII to get in. This also shows we definitely need some better form of authentication, and that authorization policies inside organizations should be more paranoid. Of course I'm still lost as to alternatives to passwords, so perhaps people will just have to suck it up and put a bit of effort into it.
There are always the trade-offs between effort and the value of what one is protecting. If the public finds these data breaches unacceptable, why not make the consequences more serious so that from a business standpoint it is more worthwhile to spend on security? This may lead to corporations developing an atmosphere of security awareness, which will keep people actively thinking about important steps to take in typical day-to-day activities.
REPORTED breaches by Gothmolly · 2009-01-07 05:14 · Score: 3, Informative

An increase in REPORTED breaches. There is less stigma on it these days, and more scrutiny.

--
I want to delete my account but Slashdot doesn't allow it.
what is a breach of security and what is not? by Benjamin_Wright · 2009-01-07 05:25 · Score: 2, Interesting

Most all data in commercial and government systems are "exposed" or "compromised" to one degree or another virtually all the time. So it is not surprising that as we focus more attention on breaches, we discover an ever-growing number of breaches. Under the presenting thinking, the growth will never stop. Should each citizen therefore be mailed 100 breach notices every day? Legally and ethically speaking, we do not have a competent definition of what is and is not a meaningful security breach. The result is confusion and excessive anxiety on the part of data holders, data subjects, legal authorities and the media. Ben

--
Benjamin Wright, Dallas, Texas, benjaminwright.us