Government Technology

Incomplete Data Breach Reporting Makes Tracking Hacks Tough, Organization Says


January 20, 2010 By

Cyber-security's always a hot topic because people always worry about keeping data safe, but concerned parties may be missing out on the whole story when it comes to how many, or how few, data breaches happen at any given time.

The Identity Theft Resource Center (ITRC), an organization that collects information about data breaches from media sources and government notification lists, publishes data breach reports and researches IT security in public- and private-sector entities. But according to Linda Foley, who founded the center with her husband Jay Foley, it's difficult to provide a clear picture of how secure the cyber-world is because breached organizations aren't upfront enough when they've been breached and how badly.

"Breached entities, No. 1, are afraid of the consequences. They're afraid that their reputation will be damaged, of fines they might incur, of the repercussions of a trust issue," she said.

The ITRC issued a press release on Jan. 8, 2010, titled, Data Breaches: The Insanity Continues, citing the lack of a single data breach list requiring mandatory public reporting. Foley feels that this might change if the law intervened and forced organizations to step up.

"It takes law enforcement response. It takes the response of someone sitting there and saying, 'What are you going to do about it?'" she said.

The ITRC's 2009 Data Breach Report recorded more than 222 million potentially compromised records last year in 498 breaches, but in more than 52 percent of the breaches, the victimized organizations didn't disclose how many records were affected. So that 222 million? That only accounts for the breaches people wanted to talk about in public.

The insanity in this case is how difficult it is to count breaches in these circumstances. But of the data the ITRC has, breaches in the business sector number at 205 of 498 reported breaches in 2009, 41.2 percent. That's a larger concentration than in 2008, when business breaches numbered at 241 of 657 breaches, 36.7 percent. Government and military breaches constituted 90 of 498 breaches in 2009, for 18.1 percent. That's a smaller concentration than the 2008 figure, when that sector had 110 out of 657 for 16.7 percent.

Foley said many of the breaches can be reduced with better encryption and redaction, and she's hopeful that upcoming legislation can make better breach reporting required by law. S. 139, which was introduced by Sen. Dianne Feinstein, D-Calif., would required federal agencies and people involved in interstate commerce to disclose breaches of data containing personally identifiable information. The bill has passed through committee and is on the legislative calendar.

 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
Meeting Constituents Where They Are With Dynamic, Real-Time Mobile Engagement
Leveraging the proven and open Kofax Mobile Capture Platform, organizations can rapidly integrate powerful mobile engagement solutions across the spectrum of mobile image capture, mobile data capture and complete mobile process integration. Kofax differentiates itself by extending capture to mobility, supporting multiple points of constituent engagement. Kofax solutions dynamically orchestrate the user’s mobile experience from a single platform—reducing time to market, improving process perf
Public Safety 2019
Motorola conducted an industry survey on the latest trends in public safety communications. The results provide an outlook of what technology is in store for your agency in the next five years. Download the results to gain this valuable insight.
View All

Featured Papers