Data breaches in 2007, will bring action in 2008

As you're reading this, chances are that your new year's resolutions have long been forgotten or will soon be broken. As well as time for setting goals, the new year was also a time for reflecting on what has happened in the last year, or, perhaps more importantly, thinking ahead on what is to come.

Of course, in the fast-changing world of information security, a lot can happen in a year. The nature of threats is continually changing - we've seen the rise of the uberbotnets, with the likes of the Storm worm growing to vast proportions.Virus writing has become a sophisticated commercial enterprise, done purely for profit.

Of course, security technology is doing a pretty good job of keeping up with things - if you're running a good recent anti-spam system, the chances are you won't even have noticed that spam and malicious emails have risen five-fold during the course of the past year.

However, the big theme of 2007 was the world waking up to the realisation that there is now a lot of key personal data that is not looked after very well at all.

The main story probably wasn't the UK's HMRC's data losses but the really big hack of 2007: the compromise of customer passwords at ISP Fasthosts. Unlike the HMRC incident, where the data has most likely "just" been lost, the machine holding the Fasthosts information was broken into, and the data stolen.

The impact of this will take some time to trickle through - in the worst case, hundreds of e-commerce sites will have been accessed, with customer details and credit-card information being taken. Like the HMRC incident, this wasn't due to flaws in technology, but appears to be the failure to adopt some key principles of data security, such as encryption.