IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Many More Government Records Compromised in 2009 than Year Ago, Report Claims

Public-sector organizations see a drastic increase in breached records, but the number of data leaks appears to decline.

If you're bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.

As of Tuesday, Dec. 1., the Identity Theft Resource Center (ITRC) reported 82 breaches in U.S. government and military organizations. Although the year isn't over, that's fewer than the 110 that occurred in 2008.

But here's the catch: The breaches so far in 2009 have compromised more than 79 million records, whereas fewer than 3 million were hacked in 2008. A sobering upswing, to say the least.

The ITRC publishes data breach information on its Web site, with updates coming most Tuesdays. The center publishes quarterly and annual reports on breaches in government and the military, and four other areas -- business, finance, health care and education. Breaches in government and military organizations are combined in the ITRC's tally.

Linda Foley, the center's founder and chairwoman, says the reported numbers show that government and military organizations need to be more vigilant about securing data when it's mobile.

"It's the same problem. Records are being exposed, so they're being hacked into; they're being lost; they're being put into laptops and carried around. Again, it comes back to, 'Why are they carrying information with them that they didn't need?'" she said.

The ITRC collects its data by mining breach reports that have been reported by reputable sources in news, television, radio and other media. Breaches are stratified into different categories; one breach can belong to more than one kind. They include accidental breaches, breaches caused by subcontractors, breaches caused by hackers, breaches caused by insider theft and breaches that occur when data is in the field. The report also records how many electronic records are compromised versus paper documents.

"I think what everybody needs to be doing across-the-board, No. 1 - encryption, or using a system that is not easily understood by someone who doesn't have a similar system," Foley advises.

She also recommends that government and military agencies centralize their information so it can be tracked and secured more easily.

The overall number of breaches across all sectors in the Dec. 1 data is 461 cases and about 222 million compromised records. The total number of breaches for 2008 numbered 656 and more than 35 million compromised records.

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.