DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Break’s over: after decline in 2009, breach reports appear to rise in 2010

Posted on August 3, 2010 by Dissent

The Verizon breach analysis report released this past week reported declines in 2009 in both the number of records compromised and the number of breaches Verizon was asked to investigate.   Their reported decline in number of breaches has some confirmation in reports from the Privacy Rights Clearinghouse and the Identity Theft Resource Center, who had also noted declines in number of reported breaches in 2009. But where Verizon’s report suggests that the number of records compromised in 2009 declined from 2008 levels, both PRC and ITRC had reported significant increases in their records measures that year. Without knowing more about specific cases included in the Verizon-USSS data set, it is impossible for me to fully account for the discrepancy. But keeping in mind that Verizon-USSS are usually dealing with compromised records and not just exposed records, the National Archives Records Administration incident exposing 76,000,000 records that was included in the PRC and ITRC figures might be the source of much of the discrepant findings.

But was 2009 just an anomaly? Here’s how I see 2010 shaping up:

More Breach Reports

  • The Privacy Rights Clearinghouse (PRC) shows that for 2010 to date, they have already recorded 328 breaches. For all of 2009, they had reported 252 incidents. This year, PRC started using DataBreaches.net and PHIprivacy.net to fuel their chronology.  Adding those two resources seems to have significantly increased their number of reported incidents. Whether the additional resources plus the new HHS resource explains all of the increase, however, is doubtful.
  • Similarly, the Identity Theft Resource Center (ITRC), which was already using DataBreaches.net and PHIprivacy.net, reports 385 incidents for 2010 to date, compared to 498 breaches for all of 2009.  At least some of the apparent increase may be due to the new U.S. Department of Health & Human Services resource, but:

Based on the year-to-date figures and the fact that we are as yet missing reports from one of our regular primary sources (Maryland), it does appear that the number of incidents disclosed will be significantly higher for 2010 than for 2009 and is likely to surpass 2008, a year in which ITRC recorded 656 incidents.

Fewer Records Exposed

Although the number of breach reports being disclosed appears to be increasing this year compared to last year and previous years, the number of records involved seems to have declined significantly from 2009. PRC reports 12,797,957 records exposed so far in 2010 for those breaches for which they have numbers, while ITRC reports 13,067,157 records exposed to date for 2010. At this rate, and barring any “monster” breach disclosures during the remainder of this year, the total number of records exposed for 2010 may not only be significantly less than what PRC and ITRC reported in 2009, but may also be less than what was reported in 2008.

Fingers crossed.

Category: Breach IncidentsCommentaries and AnalysesOf Note

Post navigation

← HHS Dismisses AHF Complaint, Closes AIM Investigation
Closing a Door on Child Identity Theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.