Reported data breached records in US from 2005 to present exceed 500 million

Summary: You probably are more than a little paranoid about giving out your social security number, but that risk is just the tip of the iceberg. Data breaches over the past eight-and-a-half years put millions of people at risk.

TOPICS: Security, Privacy

It's hard to wrap your head around a half billion anything, isn't it? Although I could probably wrap my head around a half billion dollars in money with some ease, it's hard for me to think of that many of anything else. From 2005 to present, there are a reported 535,267,233 records of data* breached by various means in the US alone. To put that number in perspective, that's 1.7 times the total population of the US. And please note a significant word in the title of this post, "Reported." That's right, reported. Many, or perhaps most, of the breaches that have occurred over the past decade have no reported number of records associated with them. They're designated as "Unknown."

Comforting, isn't it?

No?

No, it isn't.

It's no wonder that identity theft is at an all-time high, new security companies pop up every day, and new government task forces attempt to quell the ongoing threat.

If our cyber security task forces are as effective as our "War on Drugs" and "War on Cancer" have been over the past 40 years, we're in for a lot of trouble.

I think it's safe to say that your data is at risk and there's not much you can do about it. That is, unless you want to totally go "off the grid" and live a life of solitude.

Reported Data Breached Records by Year

  • 2005 - 66,853,201
  • 2006 - 19,137,844
  • 2007 - 127,717,243
  • 2008 - 35,691,255
  • 2009 - 223,146,989
  • 2010 - 16,167,542
  • 2011 - 22,918,441
  • 2012 - 17,491,690
  • 2013 - 6,413,028
  • Total - 535,267,233

Note that 2007 and 2009 alone account for more than half of the records. Of course, 2013 isn't over yet. 2005's record count is approximately one-half that of 2007. Remember that these are reported numbers of records, which means that we really have no idea how many actual records have been compromised. These numbers are real, but they do not represent all of the compromised records over the past nine years.

If these numbers don't alarm you, then maybe you know something that the rest of us don't. 

The numbers alarm me for several reasons. 

One is that it doesn't matter how good my personal passwords are; the data breaches happen upstream at the data holder's location.
Second is that I have no control over how secure my information is at credit card companies, banks, restaurants, hospitals, or online vendors.
Third is what happens to the data after it's stolen. Is it sold? Is it destroyed? Do the data thieves attempt to use the information or was it just to send a message?
Fourth is that I wonder how many non-reported records have been stolen. I suspect it's at least half again as many as those reported, so that means that 750 million records are at risk.
Fifth is why most of the breaches that occur go generally unreported and unnoticed, with their severity underestimated or underreported. Disturbing at best.
Finally, the numbers alarm me because it seems that short of going off the grid, there's nothing I can do about it. That's the worst part. I hope that companies that store passwords and account data keep it encrypted at a very high level. Otherwise, our economy is likely to suffer a big hit if a large criminal element is behind it all. And your personal economy stands to suffer even if there's a single responsible entity.

The other really disturbing part is that, if each record represents one account, and I'm assuming that it does, then that means that just about everyone who lives in the US is at risk of having at least one part of his or her data hijacked from multiple sources. It also means that absolutely no one's data is safe.

Colleges, cities, government sites, healthcare facilities, and private businesses have all been compromised in some way. And don't believe that it's all due to hacking over the public Internet either. It isn't. There are multiple methods by which data thieves steal information:

  • Data on the move
  • Accidental exposure
  • Insider theft
  • Subcontractors
  • Hacking

And the data doesn't have to be electronic in nature. Many of the data breaches involve paper, so technology isn't 100 percent to blame. In 2009, more than 25 percent of the reported compromises were paper breaches. As late as 2011, paper breaches do not trigger breach notifications in most states, so consumers are not alerted to the fact that their personal identifying information has been exposed. Surprisingly for 2009, out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data.

Are you disturbed yet?

How about some of these statistics?

2009: Business sector breaches climbed from 21% to 41% between 2006 and 2009.

2011: Nearly 62 percent of the breaches involved Social Security Number exposure.

In 2012, the last full year of data available, the electronic breach statistics break down as:

  • Banking/Credit/Financial - 470,048 records
  • Business - 4,609,793 records
  • Educational - 2,315,912 records
  • Government/Military - 7,714,109 records
  • Medical/Healthcare - 2,246,560 records

Without attempting to spread rampant fear or hysteria, you do need to be concerned and you should check your credit report annually, your bank and credit card accounts monthly (more often if you have online access), and any other accounts through which you transfer or manage funds, credit, or identity.
You should also check your Social Security statement at least on an annual basis to be sure that no one else is using your account. If you feel that your data has been compromised or are a victim of identity theft, contact the Identity Theft Resource Center and your local law enforcement for assistance.

What do you think of the data? Do you think that you're at risk? What are your options for dealing with the risk? Talk back and let me know.

*Source: Identity Theft Resource Center.

About

Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Talkback

1 comment
  • Nice article

    Although cited, the Identity Theft Resource Center appears to use statistics gathered by:
    www.databreaches.net (aka Office of Inadequate Security, Pogowasright)
    http://datalossdb.org
    California Attorney General's Office
    Maryland Attorney General's Office
    New Hampshire Department of Justice
    Privacy Rights Clearinghouse
    Vermont Attorney General's Office

    Plus statistics diligently gathered by Privacy Rights Clearinghouse
    https://www.privacyrights.org/data-breach

    Gathering and maintaining these references is difficult, and I would like to commend those that have done the leg work.
    PhilAgcaoili