Welcome to TBO.com. Skip directly to: our Keyword Search, Section Navigation, Content.

TBO.com - TBO is Tampa Bay Online

TBO.com - Tampa Bay Online

TBO > News

Data Loss, Theft Hits A Record, Reports Say

By MARK JEWELL, The Associated Press

Published: December 31, 2007

BOSTON - The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007. The trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information.

While companies, government agencies, schools and other institutions spend more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.

"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.

Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006.

Another organization, Attrition.org, estimates that more than 162 million records were compromised through Dec. 21 - in the United States and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.

"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb,"

The biggest difference between the groups' record-loss counts, however, is Attrition.org's estimate that 94 million records were exposed in a theft of credit card data at TJX Cos., owner of discount stores that include T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists.

The Identity Theft Resource Center counts about 46 million, which is the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX.

With wireless data transmission more common, hackers are expected to target what many experts see as a major vulnerability. Eavesdroppers seem to learn how to bypass security safeguards faster than ever, said Jay Tumas, head of Harvard University's network operations.

"Within a year or two, these folks are catching up," Tumas said.

The two nonprofit groups' 2007 data show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.

Besides TJX's problem, major 2007 breaches include lost data disks with bank account numbers in Britain, and a hacker attack of a U.S.-based online broker's database.
DATA BREACHES
Some major data breaches disclosed in 2007:

TJX Cos.: Discount retailer reports hackers broke into its computer systems and accessed at least 46 million customer records, primarily credit card data. Banks later sue TJX and estimate the breach involved at least 94 million records.

Britain's tax and customs department: Two computer disks containing personal information such as addresses and bank account numbers for about 25 million people were lost. The disks were sent via internal government mail to the government's audit agency, but never arrived.

Dai Nippon Printing Co.: Japanese commercial printing company says a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients.

Fidelity National Information Services: Check-authorizing subsidiary says information on 8.5 million consumers was stolen, allegedly by a former employee.

TD Ameritrade Holding Corp.: Online brokerage said one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.

Monster Worldwide Inc.: Online job site discovered that con artists had grabbed contact information from resumes of 1.3 million people.

Associated Press

Share this:

* To:
Your Name:
Your Email Address:
Personal Message [optional]: