US Data Breaches Near 94 Million

October 2006

Less than two years into the great cultural awakening to the vulnerability of personal data, companies and institutions of every shape and size -- such as the data broker ChoicePoint, the credit card processor CardSystems Solutions, media companies such as Time Warner and dozens of colleges and universities across the land -- have collectively fumbled 93,754,333 private records.

Or at least that's the rough figure tallied so far by the Privacy Rights Clearinghouse, a consumer advocacy organization in San Diego.

An entry from Sept. 7: Chase Card Services, a division of J.P. Morgan Chase, announced that it had begun notifying 2.6 million current and former Circuit City credit card account holders that computer tapes containing their personal information had been inadvertently tossed in the trash.

The bank said it believed the tapes were safely "buried in a landfill" somewhere, but it was nonetheless offering affected consumers the now pro forma consolation prize: one year of free credit monitoring.

On Sept. 21, another entry was logged. The Commerce Department announced that between 2001 and the present, 1,137 laptops -- or about 4 percent of its total inventory -- were lost, missing or had been stolen from its 15 operating units. The largest number, 672, had been in use at the Census Bureau, the department reported, and 246 of those contained "some degree of personal data," although it maintained that a combination of passwords and "complex data formats," among other things, would limit the risk that the information could be misused.

And last week, the N.C. Division of Motor Vehicles announced it is notifying 16,000 motorists that someone broke into the agency's driver's license office in Louisburg and took a computer containing their personal information.

It's not just a government problem. Incidents run the gamut: In June, it was revealed that the names, addresses and credit and debit card numbers of about 243,000 customers of Hotels.com were lost to the wind when a laptop holding the data was spirited away by a thief. The device, which belonged to an employee of Ernst & Young, the auditor for Hotels.com, was left in a locked car.

But a survey of 484 U.S.-based information technology departments within business or governmental organizations, published in August by the Ponemon Institute, a privacy consulting company, and sponsored by the data security firm Vontu, tells the real story.

The survey found, among other things, that more than half of corporate laptops contained unprotected sensitive data, that one in 10 laptops is stolen and that 97 percent of those are never recovered. The study also found that 81 percent of firms reported that an "electronic storage device such as a laptop" specifically containing sensitive or confidential information had been lost or stolen in the past year.

The problem isn't going to be solved by relegating security entirely to passwords and encryption -- although that is necessary, said Joseph Ansanelli, the chief executive and founder of Vontu, who has testified before Congress on privacy problems.

Just as important, Ansanelli suggested, is simply paying attention to who has access to what data, why, how it's being moved, where it's being moved to -- and establishing clear rules to govern it all.

"Only by focusing on understanding where data is stored and where it is going can organizations better protect information and prevent it from being carried or sent insecurely," Ansanelli said.

He added, "And if organizations do not stop the insanity of data loss, Congress will be forced to act and mandate new protections for all this information."
