Weekly analysis – 30th January 2010 to 6th February 2010

No Comments

MillerSmiles provides its weekly phishing analysis for the week of 30th January 2010 to 6th February 2010

Excerpt from:
Weekly analysis – 30th January 2010 to 6th February 2010

Share/Save/Bookmark

2008 data breach total soars: report

No Comments

Businesses, governments and educational institutions says there were 50% more data breaches in 2008 than in 2007 with the personal records of at least 35.7 million Americans at risk, according to a new study.

The  Identity Theft Resource Center reported 656 breaches at the end of 2008, “reflecting an increase of 47% over last year’s total of 446,” it says, going on the financial, banking and credit industries, “have remained the most proactive groups in terms of data protection over all three years”

The Government/Military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third highest, says the ITRC, but, “the business community still needs to enhance and enforce data security measures”.

Only 2.4% of all breaches had encryption or other strong protection methods in use, and only 8.5% of reported breaches had password protection, says the study.

“It is obvious that the bulk of breached data was unprotected by either encryption or even passwords,” it states, continuing:

Sadly, these trends continue to plague companies and government alike, despite education on safer information handling, new laws and regulations.   Mal-attacks, hacking and insider theft, account for 29.6% of those breaches that reported the causal factor.   Insider theft, now at 15.7%, has more than doubled between 2007 and 2008.   On the other hand, data on the move and accidental exposure, both human error categories, showed noteworthy improvement, but still account for 35.2% of those breaches that indicate cause.

Electronic breaches (82.3%) continue to outnumber paper breaches (17.7%).   While there were 35.7 million records potentially breaches according to the notification letters and information provided by breached entities, 41.9% went unreported or undisclosed making the total number of affected records an unreliable number to use for any accurate reporting.

The ITRC strongly advises all agencies and companies to:

  • Minimize personal with access to personal identifying information.
  • Require all mobile data storage devices that contain identifying information encrypt sensitive data.
  • Limit the number of people who may take information out of the workplace, and set into policy safe procedures for storage and transport.
  • When sending data or back-up records from one location to another, encrypt all data before it leaves the sender and create secure methods for storage of the information, whether electronic or paper.
  • Properly destroy all paper documents prior to disposal.   If they are in a storage unit that is relinquished, ensure that all documents are removed.
  • Verify that your server and/or any PC with sensitive information is secure at all times.   In addition to physical security, you must update anti-virus, spyware and malware software at least once a week and allow your software to update as necessary in between regular maintenance dates.
  • Train employees on safe information handling until it becomes second nature.

Original post:
2008 data breach total soars: report

Share/Save/Bookmark