Sunday, December 30, 2007

2007 "worst year ever" for data breaches

Looking back, 2007 has been the worst year ever for privacy breaches. This may only be the case because of mandatory breach reporting in many US jurisdictions, but the numbers are pretty staggering. See "Personal data theft reaches all-time high" (Houston Chronicle), which includes:

Major 2007 breaches

Some major data breaches disclosed in 2007:

  • Discount retailer TJX Cos. reports hackers broke into its computer systems and accessed at least 46 million customer records, primarily credit card data. Banks later sue TJX and estimate the breach involved at least 94 million records.
  • Britain's tax and customs department loses two computer disks containing personal information such as addresses and bank account numbers for about 25 million people. The disks were sent via internal government mail to the government's audit agency, but never arrived.
  • Dai Nippon Printing Co., a Japanese commercial printing company, says a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients.
  • A check-authorizing subsidiary of Fidelity National Information Services says information on 8.5 million consumers was stolen, allegedly by a former employee.
  • Online brokerage TD Ameritrade Holding Corp. said one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.
  • The online job site Monster Worldwide Inc. discovered that con artists had grabbed contact information from resumes of 1.3 million people.

Source: Associated Press research


IdeaStormerJorge said...

We keep hearing of privacy laws being violated, but what are the consequences? The companies issue apologies and list out their new measures to prevent them from happening again, but what legal action can be taken when on-line privacy laws are broken? Has anyone ever done anything against these privacy law violators? Can we do anything?

Ben Wright said...

The Nevada legislation requires encryption of data in motion. Legislation pending in Michigan and Washington would require encryption of data at rest.