Data breaches for July 2008 were relatively minor in terms of total Americans affected though the actual number of breaches continued the normal trend. The only breach affecting more than 100,000 Americans was Blue Cross Blue Shield from Georgia who exposed 202,000 people by sending letters, containing personal and medical information to wrong addresses. A small percentage also included Social Security numbers.
The education field continued its dominance in the number of breaches reported. This is likely more of a compliance factor as an educational facility is more likely to report than a business. A study of 500 data breach investigation from 2004 -2007 by Verizon Business Security Solutions showed that only 5% of breaches were reported. A recent survey of 300 RSA Conference attendees showed that 89% of data breaches went unreported.
Companies that do report a breach generally offer absolutely no identity protection. A few are taking the limited step of offering 1 free year of credit monitoring, while it seems rare for a company to provide, for free, the services of a fraud alert company such as LifeLock, Debix or TrustedID. Companies often take the position that although they lost your private data it is not at risk since no one has reported to them its use in an attack against their identity. If they are to chose a fraud alert company over credit monitoring they would, in fact, be saying that their breach put you at risk for identity theft or fraud.
The following is a sample, from datalossdb.org, of data breaches reported in July. For the full list and links to the corresponding article please visit their site at http://datalossdb.org.
Stolen laptop exposes Social Security numbers,home addresses and marital status of former and current employees.
Saint Mary’s Regional Medical Center
128,000 notified about possible database intrusion
Florida Agency for Health Care Administration
Names, addresses, birth dates, driver licenses and Social Security numbers of 55,000 organ donors exposed.
Missouri National Guard
Personal information of about 2,000 soldiers breached.
Wagner Resource Group
Social Security numbers, dates of birth, and names of about 2,000 exposed through peertopeer file sharing.
Washington Metropolitan Area Transit Authority
Social Security numbers of almost 4,700 posted to web.
Village of Tinley Park, Illinois
Lost backup tape contains Social Security numbers of 20,400.
Yan Chai Hospital
Lost backup disks contain 3,000 names and identity card numbers.
Names, addresses, and Social Security numbers on stolen backup tape.
Clark County Nevada District Court
Names, addresses, Social Security numbers and birth dates of 380 released by email.
1,800 notified about breach of system records including names and Social Security numbers.
Hackers potentially able to access names, addresses and Social Security numbers of 10,219.
Hacked server contains names, addresses, and Social Security numbers of about 2,800 library users.
University of Houston
Social Security numbers and names of 259 posted to the web for over two years.
Hillsborough Community College
Social Security numbers, names, addresses, and routing numbers of 2,000 stored on stolen laptop.
Indiana State University
Personal information of about 2,500 on stolen laptop.
University of Nebraska at Kearney
2,035 notified about names and Social Security numbers on hacked computers.
University of Texas at Austin
Social Security numbers of about 2,500 exposed on internet.
University of Maryland
Social Security numbers of 23,000 visible on mailing labels.
University of Texas at Dallas
Network attack exposes Social Security numbers, names, addresses, email addresses, and telephone numbers of 9200
Williamson County TN Schools
Names and Social Security numbers of 4,000 posted to web.
With only 5 – 11% of data breaches being reported it is easy to see that the astonishing number of breaches we hear about is only the tip of the iceberg. Hopefully, this will change as more pressure is put on companies to follow existing regulations and as more States enact legislation requiring reporting. Perhaps, politicians will have the foresight to enforce credit protection for affected Americans as well. Until that time it up to you to protect yourself and your family from becoming victims of identity theft. Don’t sit idly by when your personal and private information is compromised. Identity theft protection is reasonably priced and well worth the peace of mind, time savings, and financial security it provides. Explore our site to learn more about your options for protecting your families good name.