DataBreaches.Net


Data Breaches: A Black Hole – ITRC

Posted on July 8, 2010 by Dissent

The Identity Theft Resource Center is singing to this choir.  Their most recent press release:

As of June 30th, The Identity Theft Resource Center® recorded 341 individual breaches for the first six months of 2010. Unfortunately, hundreds of breaches have been veiled from the public, delayed in publication, or not listed on any public lists. The question still remains: How many breaches and victims are there?

Despite a law stating all medical breaches involving more than 500 people must be listed on the Health and Human Services (HHS) breach list, ITRC recorded medical breaches which never made the list. Why? The HHS list allows a “risk of harm” loophole, without requiring federal law enforcement verification. One state’s recent breach list reported more than 200 breaches. Most are not included in the ITRC Breach Report because they did not include sufficient pertinent details regarding the event. Some states now harbor a protected breach list which is not made public at all, or is only accessible by exercising the Freedom of Information Act.

The ITRC has a clearly defined policy on what constitutes a breach: an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. Most agencies, state and federal, have a similar understanding of what constitutes a breach. Why is there such a disparity between the number of breach occurrences and the information made available to the public? Why is there not a greater effort for openness and transparency with the public? If an agency as small as the ITRC can publish a weekly breach list, then doing so is certainly within the abilities of any state or federal agency. The list posted by the New Hampshire Attorney General’s Office is a shining example of transparency in the interest of the public good.

It is important for the public, when becoming aware of the details of a data breach, to immediately have a broad understanding as to whether their personal information may be involved. Incomplete information feeds public fears and does not accomplish the intended transparency of most breach laws. This situation further encourages bad behavior on the part of companies who should be more concerned about the protection of the privacy of their customers. Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures.

Since 2005, the ITRC has maintained a detailed breach list which is updated weekly. This list, and supplemental reports, allows the ITRC to compare data of known breaches and help form a partial picture of breach patterns. For 2010 we know:

  • 46% of all breaches do not disclose how many records were potentially affected
  • 38% of all known breaches didn’t disclose how the breach occurred
  • The business community accounted for 36% of all breaches, the highest category listed
  • 82% of all breaches were electronic and 18% were paper oriented
  • Data on the Move accounted for 17% of all breaches with the business community ranking highest. If added with Accidental Exposure (8%), 25% of data breaches were presumably non-malicious in nature
  • Insider Theft (17%) and hacking (17%) resulted in a combined total of 34% of breaches known to have occurred from malicious attacks.

ITRC and the public will not know the whole story about breaches until a public federal database is created listing all data breaches in detail. Until then, we teeter around the edge of a black hole getting only glimpses of light upon hidden breach events.

Category: Commentaries and Analyses
