BankInfoSecurity.com - Information Security News, Regulations, & Education


39 Breaches in 1st Half of 2010

Experts Predict More Attacks, Higher-Value Targets
June 28, 2010 - Linda McGlasson, Managing Editor

Already in the first six months of 2010, financial institutions have been involved in more than half as many data breaches as they suffered in all of 2009 - and experts don't see the pace decreasing.

"I always say that our data base list is the tip of the iceberg," says Linda Foley of the Identity Theft Resource Center (ITRC), the organization that tracks data breaches.

Through June 25, there have been 325 reported data breaches so far in 2010 -- 39 of them involving financial services companies. The number of records reported taken thus far totals more than 8.3 million.

This means that in the first half of the year, there have already been more than half of the total 62 financial services industry-related breaches reported last year.


Good News, Bad News

The good news is that the financial services industry does not take the top spot for data breaches reported. Of all the breaches reported so far this year, only 11.1 percent involve financial services. The top three breached industries are:

  • Business - 36 percent;
  • Healthcare - 29.2 percent;
  • Government, military - 16.9 percent.

At the bottom of the list is education, with only 7 percent of all breaches reported.


The increasing number of credit card-related breaches at businesses, retailers, hotels and restaurants is why the business sector is at the top of the list for breaches in the first half of the year, Foley says. "We're seeing a lot of retail, hotel and restaurants being hacked into somewhere between the point of sale and the card processing server," she says.

Foley attributes the rise in percentages of healthcare incidents to the recent enactment of federally-mandated breach reporting requirements. Increasingly, breaches are caused by hacking, insider theft, and a great deal of accidental loss, she adds -- especially in the healthcare industry, where missing laptops have increased in the first half of 2010.

The real number of breaches isn't known. In talking with security companies that handle data breach notifications for companies that have been breached, Foley hears that there are a lot more breaches out there that go unreported.

2010 Breach Trends

Unlike last year, there is no major "headline" breach such as the Heartland Payment Systems hack -- the biggest ever reported.

Still, security and privacy experts see data loss trends remaining at about the same rate as 2009. David Navetta, a partner at the InfoLaw Group, sees the continued targeting of credit cards by criminal elements. "This probably also means more ACH fraud and attempts to breach the security of online banking," says Navetta. He predicts there also will be many more social engineering-oriented attacks targeted "at social networks and individuals and companies that use them."

Larry Ponemon, president of Ponemon Research Institute, sees a continuing rise in healthcare breaches. Healthcare companies, including insurers, will see more data breaches because of new compliance requirements that demand greater vigilance and penalties for failing to properly notify breach victims, he says. "These new compliance requirements appear to have heightened privacy and data protection practices for healthcare providers and business associates."






Question: What breach trends have you seen in the first half of 2010?

"Multiple phishing attacks by phone and email-text. The problem is that although we have had an intensive customer education program and have been proactive in trying to get the word out--TV News programs, radio, newspaper, statement messages, email blast, in-branch video displays, receipt messages, we still have customers taking the bait and giving up their card info. We have traced transactions to actual ATMs in California but cannot get the cooperation of the banks to provide video to law enforcement. FRUSTRATING."