The big data breaches at Yahoo and Target make headlines. In fact, Yahoo’s data breaches, rejuvenated by new disclosures, can’t seem to get out of the headlines. If you use Yahoo with an alias and a fake date of birth, your exposure is limited. If your data is compromised at a retailer, it might include your credit card data, but not normally your date of birth or Social Security number. But if your data is compromised at a healthcare provider, insurer, a university (happened to me), or tax accountant, the hackers have gained access to your crown jewels. Those data breaches occur all the time – though they might not make the news.
This year through February 28, according to the Identity Theft Resource Center, there have been 240 data breaches in the US with 1.1 million records “known” as compromised – though the number of records actually compromised is much higher (more in a moment). The ITRC report divides them into five categories. Note the top two:
- Medical/healthcare: 64 breaches, 569,364 records (51.7% of total)
- Business (excl. banking/financial): 120 breaches, 464,540 records (42.2% of total)
- Government/Military: 13 breaches, 39,232 records (3.6% of total)
- Educational: 13 breaches, 39,232 records (2.6% of total)
- Banking/financial: 2 breaches, 0 records “known”
The ITRC defines a data breach as an incident that exposes an individual name plus a Social Security number, driver’s license number, medical record, or financial record (including credit/debit cards) and thus triggers data-breach notification laws.
It also includes incidents that don’t require notification, such as exposure of user names, emails, and passwords without involving sensitive personal identifying information. The number of “records” exposed in these incidents is not included and shows as zero.
The report lists by name the 240 entities where data breaches have been reported so far this year. It also lists the number of records exposed by each entity, though most of the time the number is “unknown” and therefore not included in the totals. So the total number of records exposed is much higher.