Feeds

Information security breaches quadrupled in 2007

Slippy fingers and leaky servers

High performance access to file storage

Personal information leaks reached unprecedented levels last year, according to a brace of studies out last week.

Lost laptops, insecure systems and mislaid discs means problems posed by the exposure of customer records are unlikely to disappear anytime soon. As in other areas of information security organisations are often reticent to invest in encryption and other security defences until they've been hit by a problem.

The San Diego-based Identity Theft Resource Center reckons more than 79m records were exposed in the US up to 18 December. The figures represent a fourfold increase on the organisation's estimate of 20m lost records in 2006. Increased reporting of breaches as well as greater volumes of data are among the factors accounting for the rise, AP reports.

Data handling has probably always been poor, but information security breach disclosure laws have pushed the issue out into the open.

Meanwhile, Attrition.org reckons 162m customer records were compromised worldwide in the year up to 21 December, compared to 49m lost records in 2006.

As well as taking into account the whole world instead of just the US, Attrition's estimate is higher because it reckons that 94m records were exposed by the theft of credit card data at TJX. Attrition.org's figures come from a lawsuit filed by TJX by banks. The Identity Theft Resource Center takes the 46m figure of potentially compromised credit card details TJX has publicly acknowledged. Hackers are reckoned to have obtained the credit card numbers after snooping on weakly encrypted wireless transmissions of customer information at two Marshalls stores in Miami, a security weakness they exploited to gain access to eventually gain access into TJX's central databases as part of a long-running attack that went undetected for months.

The TJX breach was by far the worst breach of 2007. Other major breaches of last year include the loss by the UK government of two unencrypted CDs containing the records of 25m child benefit claimants. ®

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.