Data breaches in U.S. already surpass 2007 total

Published 28 August 2008

The number of reported data breaches in the United States has already surpassed 2007’s total; more states now require breach reporting; experts also say that the development of SQL injections made breaches much easier

The number of reported data breaches has already surpassed 2007’s total, according to a report from Identity Theft Resource Center. Jay Foley, the nonprofit’s executive director, told Sue Marquette Poremba of SCMagazineUS.com on Tuesday that so far in 2008, there have been 449 breaches reported by businesses, government, and universities, compared to 446 for all of last year. “The breach list, however, doesn’t reveal exactly how many records were compromised,” Foley said.

The reason the 2008 number is so high has to do with changes in regulations. “More states and organizations are required to report breaches,” he said, “and more consumers want to hear about them.” More than forty states have enacted breach notification laws. The increasing numbers of reported breaches is a result of a confluence of factors, said Alexander Southwell, a former federal prosecutor and cyber crime expert. “They include an increasing number of data breach notification laws, increasing enforcement of privacy and data integrity issues by regulators, law enforcement, and civil plaintiffs’ attorneys, and the ongoing digitization of society, where more and more personal identifying information is captured and stored,” he said. 

Kevin Mandia, founder of security intelligence firm Mandiant, told SCMagazineUS.com that the number of data compromises is increasing. “That increase is likely due to the development of SQL injections, which made breaches much easier to do,” Mandia said. “Human intervention is not as necessary for data theft as it once was.” He added that compliance regulations are forcing more companies to discover breaches. “Instead of the ‘ignorance is bliss’ approach that was the norm in the past, firms are becoming more diligent about investigating breaches,” Mandia said.