Personal data theft reaches record levels in 2007: group
Last Updated: Wednesday, January 2, 2008 | 11:42 AM ET
The Associated Press
The loss or theft of personal data such as credit card and social security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon, as hackers stay a step ahead of security and laptops disappear with sensitive information.
And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little, too late.
"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.
Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006.
Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 — both in the United States and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million breaches last year.
"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin.
But the biggest difference between the groups' record-loss counts is Attrition.org's estimate that 94 million records were exposed in a theft of credit card data at TJX Cos., the owner of discount stores including T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists.
In Canada, TJX owns the Winners and HomeSense chains. The company said hackers who stole information from TJX did not access information from Canadian debit cards.
The Identity Theft Resource Center counts about 46 million — the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX.
The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami — an entry point that led the hackers to eventually break into TJX's central databases.
TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security, and believes our security was comparable to many major retailers."
With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability.
Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals.
The two nonprofit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.
Lost data discs
Besides TJX's problem, major 2007 breaches include lost data discs with bank account numbers in Britain, a hacker attack of a U.S.-based online broker's database and a con that spilled resume contact information from a U.S. online jobs site.
"A lot of breaches are due to inadequate information handling, such as laptop computers with social security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system."
Attrition.org and the Identity Theft Resource Center are the only groups, government included, maintaining databases on breaches and trends each year. They've been keeping track for only a handful of years, with varied and still-evolving methods of learning about breaches and estimating how many people were affected.
Despite those challenges, the two nonprofits say it's clear 2007 will end up a record year for the amount of information compromised, because of greater data loss and increased reporting of breaches.
Both groups acknowledge many breaches may be missing from their lists because they largely count incidents reported in news media that they consider credible.
Media coverage has risen in part because of the growing number of states requiring businesses and institutions to publicly disclose data losses. Thirty-seven states, plus Washington D.C., now have such requirements.
Because of proliferation of such laws, "it may take a year or two before things stabilize and we can see what's really happening," Foley said. "If that's the case, then we'll know whether businesses are practising better information-handling techniques."
Share Tools
Top News Headlines
- Canadian woman continues tweeting her way to the top of Everest
- Sandra Leduc is taking a second run at Mount Everest's summit after a deadly storm forced her back down the mountain and killed four others on Sunday. The Canadian lawyer and government worker is tweeting her progress along the way. more »
- Employment Insurance review boards to be scrapped
- The federal government is scrapping two review boards used by people appealing decisions made about their employment insurance. more »
- Teens share bullying tales in confession booth
- Raw stories about bullying emerged when a video booth was set up inside a Quebec high school. more »
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- The federal government is shutting the Canadian consulate in Buffalo less than two years after costly renovations, while dropping a requirement for visas to be renewed outside the country, CBC News has learned. more »
Latest Technology & Science News Headlines
- SpaceX capsule docked at International Space Station
- The privately bankrolled unmanned SpaceX Dragon capsule has been securely bolted to the Harmony module of the International Space Station. . more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- How curry spice helps the immune system kill bacteria
- A spice used in curry dishes helps to prevent infection and now scientists think they've got a lead on how. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 3:58 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's family asks for government help
- Reclaiming the dead on Mt. Everest
- Employment Insurance review boards to be scrapped
- Teens share bullying tales in confession booth
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- Conservatives move again to have robocalls suits tossed
- Workers' EI history to affect claim under new rules
- Double-lung recipient dances on Ellen show
