||DATA BREACH DISCLOSURES FOR FIRST HALF OF 2008
During the first half of 2008, NCX Group listed 169 breach disclosures where significant identity theft was a factor. These disclosures, substantiated by news outlets, letters to state attorneys general, or notifications within specific business sectors or industries, remind us that data exposures can and do happen within all business and service areas. Each year, many studies are done to let us know what industries are taking the most “hits”, what made them vulnerable, and why. The following statistics will provide a basic overview of how data breaches are trending so far this year according to NCX.
In reviewing the information on our 2008 Reported Data Breaches website for the first six months, it would conclude that educational institutions rank highest, exposing 40% of the personal data breaches listed, followed by general business entities at 23%, healthcare and medical at 16%, government at 13%, and financial at 8%, probably because they are so regulated.
These percentages are no doubt skewed, though, because many breaches involve multiple businesses that have not been disclosed. Likewise, companies, medical facilities, financial or educational institutions may be noted for a breach, yet the vendor they used who actually was responsible sometimes goes unnamed. As featured in our April newsletter, Contract Vendors Causing Many Breaches, these vendor and business partners are fast becoming the culprits of many of the breaches reported, and as more companies outsource human resource functions we will see this area continue to increase. So based on how the breach was disclosed and reported, and who is taking responsibility for it, will determine the results of the statistics.