The Identity Theft Resource Center (ITRC) has released their 2008 breach report showing a 47% increase in data breaches over 2007.
2008 Data Breaches Reported - 656
2007 Data Breaches Reported - 446
Keep in mind the key word in this data - reported. More data breaches go un-reported and/or undetected. However, this data still shows a troubling increase in data security issues.
Breaking down the data by sector, the figures are approximately the same as in previous years. The Business sector accounted for 240 breaches, 36.6% of all breaches. Following behind in terms of incidence are Education (20%), Government (16.8%), Medical (14.8%) and Financial (11.9%). The Government sector was the only sector to have a marked decrease in breach incidents over a 2 year period, dropping nearly 50% since 2006.
According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. 8.5% used password protection.
Five categories of data loss methods are tracked: data on the move, accidental exposure, insider theft, subcontractors, and hacking. Insider theft accounted for 15.7% of data breaches, more than doubling between 2007 and 2008. Most breaches, 35.2%, are accidental, falling into the 'data on the move' and 'accidental exposure' categories.
Based on data collected, 82.3% of breaches were electronic (vs paper) and at least 35.7 million records were potentially breached (based on notification letters / information supplied). Given that one breach alone in 2007 accounted for 25 million exposed records in 2007, it is likely that though the number of breaches went up in 2008, the number of records exposed may have gone down.
You can download the ITRC Stats & Reports here.
Fun read: Ever wonder what a month of spam looks like? Crazy, isn't it, that one person can receive so much spam!