ITRC reports 656 admitted incidents in 2008

The Identity Theft Resource Center (ITRC) came up with new survey. It says that US organizations lost even more sensitive data in a greater number of information security screw-ups last year. In fact 35 million data records were exposed last year in 656 admitted incidents, up 47 per cent compared to the 446 data loss calamities logged in 2007. And it should be taken into account that 40 per cent of breaches go unreported. So the true number of exposed records is likely to be far higher than it is covered in official reports. ITRC provides the detailed information on data breaches that were reported last year. Those breaches involved data unprotected by either encryption or even password protection.

However, only in 25 (2.4 per cent) of all breaches involved encrypted data, while password protection was covered in just 8.5 per cent of cases. Also the Identity Theft Resource Center monitored five categories of data loss. Among them are data lost in transit, accidental exposure, insider theft, subcontractors, and hacking. Recorded breaches touched such categories as computer malware. So computer malware, hacking, and insider theft accounted for 29.6 per cent of recorded breaches. And in those cases the root cause of the attack is known. One in six breaches (15.7 per cent) were blamed to insider theft, a figure that's more then doubled between 2007 and 2008. Also the survey showed some good aspects. For example, data losses due to human error rather than malign action dropped in frequency. However, it still accounts for more than a third of cases (35.2 per cent), again where the cause of a breach has been determined.

Moreover, according to ITRC electronic breaches (82.3 per cent) continue to outnumber paper breaches (17.7 per cent) by almost four to one. Also it was covered that US government organizations were less inflicted in breaches last year than private sector. The latter one's screw-ups showed a corresponding rise.

Source: The Register