Posted by Hozaifa Cassubhai

The number of publicly reported data breaches in the United States rose by more than 40 percent in 2007, according to the Identity Theft Resource Center (ITRC), and it appears Microsoft, among others, is taking steps in response.

In its December 31 report, the ITRC cited 446 breaches in 2007. Those breaches resulted in the exposure of approximately 127 million data records. In comparison, the consumer rights advocacy group identified 312 publicized breaches in 2006 affecting nearly 20 million records.

By category, the 2007 breaches break down as follows: 28.9% from general businesses; 24.9% from educational institutions; 24.7% from government/military agencies; 14.6% from health care facilities/companies; and 7% from banking/credit/financial services entities.

While 2007 may be the worst on record from a statistical perspective, ITRC founder Linda Foley cautioned that the current increases in data theft do not exclusively reflect a rise in data thievery, but also the fact that more data breaches are being reported to the public than ever before. This is presumably so, in part, because of mandatory reporting laws that govern organizations in 39 states and the District of Columbia. Foley also noted that regulated industries like healthcare and finance reported far fewer breaches than those less structured, indicating a trend that as data breach awareness goes up, the actual number of breaches will go down. Also, of the 127 million exposed customer records in 2007, 94 million came from the TJ Maxx breach.

That said, ITRC predicts that the numbers will rise even further in 2008. It is perhaps for that reason that Microsoft recently launched a security blog that explains the vulnerability research behind the patches and security updates the company releases each month. Through bi-weekly updates, the Security Vulnerability Research and Defense blog provides in-depth technical information and ways security professionals can protect an organization from vulnerabilities.

“We’re going to share as much [] information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization,” Microsoft stated in the first posting.