With the Privacy Data Clearinghouse reporting that the number of data records lost has surpassed the 100 million mark you’d think the organizations that hold our data would be shamed into better security practices.
Not quite. Preventing data breaches isn't impossible. Making companies care is impossible. I've proposed stiffer penalties, created a hall of shame and cooked up all sorts of ways to prod companies to protect our data better--all to no avail. Bottom line: It's cheap to be a data pack rat so companies just collect it without any concern over the security risks.
With that glass-half empty backdrop here's a look at the year in data breaches. The data comes from Attrition.org, which provides its data breach database to anyone that wants to download it. Data is through Dec. 17.
327: Number of data breach events in 2006. That's up from 136 in 2005.
112: Entities with data breaches that were considered businesses by Attrition.org.
81: Number of educational organizations with data breaches.
98: Number of government (state, local, federal) hit with data breaches.
36: Number of medical institutions with breaches.
22: Number of repeat offenders in 2006. Note that sum could be higher depending on how you count repeaters. For instance, I didn't count Georgetown University and Georgetown University Hospital as one entity.
129: Number of data losses due to stolen property such as laptops and laptops.
220: Number of data losses that were the result of outside actions compared to 104 that were inside issues. The remainder was unknown.
3: Number of confirmed consumer lawsuits as a result of a data breach.
12: Cases where data was partially or fully recovered.