Data breaches already surpass 2007 total

The number of reported data breaches has already surpassed 2007's total, according to a report from Identity Theft Resource Center.

Jay Foley, the nonprofit's executive director, told SCMagazineUS.com on Tuesday that so far in 2008, there have been 449 breaches reported by businesses, government, and universities, compared to 446 for all of last year.

“The breach list, however, doesn't reveal exactly how many records were compromised,” Foley said.

The reason the 2008 number is so high has to do with changes in regulations.

“More states and organisations are required to report breaches,” he said, “and more consumers want to hear about them.” More than 40 states have enacted breach notification laws.

The increasing numbers of reported breaches is a result of a confluence of factors, said Alexander Southwell, a former federal prosecutor and cybercrime expert.

“They include an increasing number of data breach notification laws, increasing enforcement of privacy and data integrity issues by regulators, law enforcement, and civil plaintiffs' attorneys, and the ongoing digitisation of society, where more and more personal identifying information is captured and stored,” he said. 

Kevin Mandia, founder of security intelligence firm Mandiant, told SCMagazineUS.com that the number of data compromises is increasing.

“That increase is likely due to the development of SQL injections, which made breaches much easier to do,” Mandia said. “Human intervention is not as necessary for data theft as it once was.”

He added that compliance regulations are forcing more companies to discover breaches.

“Instead of the ‘ignorance is bliss' approach that was the norm in the past, firms are becoming more diligent about investigating breaches,” Mandia said.

See original article on scmagazineus.com