DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data Breaches: A Black Hole – ITRC

Posted on July 8, 2010 by Dissent

The Identity Theft Resource Center is singing to this choir.  Their most recent press release:

As of June 30th, The Identity Theft Resource Center® recorded 341 individual breaches for the first six months of 2010. Unfortunately, hundreds of breaches have been veiled from the public, delayed in publication, or not listed on any public lists. The question still remains: How many breaches and victims are there?

Despite a law stating all medical breaches involving more than 500 people must be listed on the Health and Human Services (HHS) breach list, ITRC recorded medical breaches which never made the list. Why? The HHS list allows a “risk of harm” loophole, without requiring federal law enforcement verification. One state’s recent breach list reported more than 200 breaches. Most are not included in the ITRC Breach Report because they did not include sufficient pertinent details regarding the event. Some states now harbor a protected breach list which is not made public at all, or is only accessible by exercising the Freedom of Information Act.

The ITRC has a clearly defined policy on what constitutes a breach: an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. Most agencies, state and federal, have a similar understanding of what constitutes a breach. Why is there such a disparity between the number of breach occurrences and the information made available to the public? Why is there not a greater effort for openness and transparency with the public? If an agency as small as the ITRC can publish a weekly breach list, then doing so is certainly within the abilities of any state or federal agency. The list posted by the New Hampshire Attorney General’s Office is a shining example of transparency in the interest of the public good.

It is important for the public, when becoming aware of the details of a data breach, to immediately have a broad understanding as to whether their personal information may be involved. Incomplete information feeds public fears and does not accomplish the intended transparency of most breach laws. This situation further encourages bad behavior on the part of companies who should be more concerned about the protection of the privacy of their customers. Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures.

Since 2005, the ITRC has maintained a detailed breach list which is updated weekly. This list, and supplemental reports, allows the ITRC to compare data of known breaches and help form a partial picture of breach patterns. For 2010 we know:

  • 46% of all breaches do not disclose how many records were potentially affected
  • 38% of all known breaches didn’t disclose how the breach occurred
  • The business community accounted for 36% of all breaches, the highest category listed
  • 82% of all breaches were electronic and 18% were paper oriented
  • Data on the Move accounted for 17% of all breaches with the business community ranking highest. If added with Accidental Exposure (8%), 25% of data breaches were presumably non-malicious in nature
  • Insider Theft (17%) and hacking (17%) resulted in a combined total of 34% of breaches known to have occurred from malicious attacks.

ITRC and the public will not know the whole story about breaches until a public federal database is created listing all data breaches in detail. Until then, we teeter around the edge of a black hole getting only glimpses of light upon hidden breach events.

Category: Commentaries and Analyses

Post navigation

← Hacker in AT&T iPad case breaks gagging order
Cisco warns attendees that the Cisco Live database was hacked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.