According to an upcoming study from the Identity Theft Resource Center (ITRC), previewed in advance by Information Week, 419 breaches were publicly disclosed in the US for 2011 affecting 22.9 million records*. Of those breaches, hack attacks were the leading cause of data breaches for the year, responsible for 26% of all known data breach incidents.
Following hack attacks, lost "data on the move" accounted for the second largest sector of breaches in 2011 (18%). Data on the move includes data storage devices, laptops or paper reports that were lost or stolen in transit. Insider theft accounted for another 13% of reported data breaches.
The data for 2011 indicates that malicious attacks, combining both insider theft with malicious hack attacks, accounted for 40% of known breaches. Breaches that were the result of accidents accounted for 20% of known breaches. Non-financial and healthcare groups saw the greatest incidence of insider theft and non-financial businesses were also the target of the greatest number of hack attacks.
If you break down the data breaches by sector, Government and Armed Services exposed 44% of all exposed records, non-financial businesses (33%), medical and healthcare groups (16%), educational institutions (4%), and banking, credit and financial firms (3%). When it comes to data breaches, 81% of the 22.9 million exposed records included Social Security Numbers.
*Only 52% of disclosed breaches detailed the number of sensitive records exposed. Records not-deemed 'sensitive' (financial or SSN related) or breaches undisclosed or undetected would seriously inflate these figures.