Thursday, September 2, 2010

Security Breaches of Past and Present Years Have Many Concerned

In 2010 alone the Identity Theft Resource Center (ITRC) has counted over 400 security breaches that have resulted in over 13 million records being compromised. The breach of these records over the years, containing vast amounts of personal information such as social security numbers, addresses, names and phone numbers, has prompted the ITRC to push for stricter enforcement of current security policies so that such incidents occur less frequently. These incidents include "data on the move" breaches, accidental exposure, insider theft, and hacking.

A complete list of breaches can be found here:
http://www.idtheftcenter.org/ITRC Breach Stats Report 2010.pdf

A "data on the move" breach usually involves portable devices, such as USB drives, laptops or smartphones, that hold confidential information or can access it. The difficulty in guarding against this type of breach is that the data and devices are not secure at all times: they are not kept within a secure area but are instead in the hands of an individual who is traveling. Leaving a laptop unattended for only a few minutes can result in a breach of confidential information for a company, which can then lead to serious legal and financial problems. There have been cases where data was simply copied from these portable devices. To guard against this, businesses often use encryption and password systems to protect the information. This is not a fool-proof system, however, as loss or unintentional disclosure of the password renders the encryption useless.

Accidental Exposure and Insider Theft both involve confidential information being exposed to those who are not authorized to use it. While accidental exposure is just that, insider theft involves someone inside an organization deliberately giving out confidential information. Accidental Exposure is typically prevented by educating employees about security policies. Insider Theft is more difficult to prevent because the thief is a trusted employee. In many cases businesses limit who is allowed to do what with certain kinds of information, and limit individual users' abilities and permissions within a system. However, this is not always successful, as the 2009 security breach involving Bank of America and Countrywide Financial shows.

http://www.databreaches.net/?p=3447
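The paragraph above describes limiting what each user may do with each kind of information. The following is an added example, not code from the post: a minimal deny-by-default role model with an audit trail, plus a review of that trail that flags a user whose permitted exports of personal data are far above normal, since a trusted insider's abuse usually looks like ordinary authorized activity in unusual volume. The roles, classifications, thresholds and sample activity are all constructed for illustration.

```python
"""Least-privilege access checks with an audit trail and a volume review.

Added example (not from the blog post). Roles, actions, classifications and
the sample activity below are constructed assumptions.
"""
from collections import Counter

# Which actions each role may perform on each data classification.
# "export" is deliberately the scarcest grant: copying customer data out of
# the system is exactly what an insider thief needs.
PERMISSIONS = {
    "teller":     {"public": {"read"}, "customer_pii": {"read"}},
    "analyst":    {"public": {"read", "export"}, "customer_pii": {"read"}},
    "compliance": {"public": {"read", "export"}, "customer_pii": {"read", "export"}},
}


def is_authorized(role, action, classification):
    """Deny by default: anything not explicitly granted is refused."""
    return action in PERMISSIONS.get(role, {}).get(classification, set())


def access(audit_log, user, role, action, classification, record_id):
    """Check the permission, record the decision either way, return it.

    Denied attempts are logged too; a pattern of denials from one account
    is itself worth a look.
    """
    allowed = is_authorized(role, action, classification)
    audit_log.append({"user": user, "role": role, "action": action,
                      "class": classification, "record": record_id,
                      "allowed": allowed})
    return allowed


def flag_unusual_exports(audit_log, threshold):
    """Return users whose *permitted* exports of PII exceed the threshold.

    A permitted action can still be abuse: an employee who copies far more
    records than the job requires is the pattern behind insider theft, and
    only the audit trail can surface it.
    """
    counts = Counter(e["user"] for e in audit_log
                     if e["allowed"] and e["action"] == "export"
                     and e["class"] == "customer_pii")
    return sorted(u for u, n in counts.items() if n > threshold)


def demo():
    """Constructed activity: a teller who tries to export, and a compliance
    officer who exports many more PII records than a normal day's work."""
    log = []
    access(log, "alice", "teller", "read", "customer_pii", "r1")
    access(log, "alice", "teller", "export", "customer_pii", "r1")
    for i in range(25):
        access(log, "bob", "compliance", "export", "customer_pii", "r%d" % i)
    return log


if __name__ == "__main__":
    log = demo()
    denied = [e for e in log if not e["allowed"]]
    print("denied attempts:", [(e["user"], e["action"]) for e in denied])
    print("unusual exporters:", flag_unusual_exports(log, threshold=20))
```

The threshold in `flag_unusual_exports` stands in for whatever baseline a real organization derives from its own history; the point is that the permission check and the volume review are two separate controls, and the second one is what catches the authorized user.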

Hacking is the unauthorized use of computers and network resources. A "hacker" will often take advantage of a system's lack of integrity. This can include poor configurations, weak passwords, unpatched systems or disabled security controls. Wade Baker, Director of Research and Intelligence, Verizon Business, states, "The majority of breaches occur on the Windows platform, but it is certainly not exclusive. Based on our experience, most breaches do not exploit patchable vulnerabilities but rather poor configuration. When we do see vulnerability exploits, they aren't 'zero days' and, in fact, the patch has usually been available for over a year. The above is especially true for the larger breaches." Hacking is often prevented by making sure systems, passwords and configurations are kept up to security standards.
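The four conditions named above (poor configuration, weak passwords, unpatched systems, disabled security controls) are all things a defender can check for before an intruder does. As an added example, not code from the post or from Verizon Business, the script below audits a constructed host inventory for exactly those conditions, using Baker's observation that the missing patch has usually been available for over a year as the threshold for "unpatched". The inventory format, hostnames, `KB-EXAMPLE-*` patch ids and dates are placeholders invented for the example.

```python
"""Audit a host inventory for the breach precursors listed in the paragraph.

Added example (not from the blog post). The inventory below is constructed:
hostnames, patch ids and release dates are placeholders.
"""
from datetime import date

# Constructed inventory. "patches" maps a patch id to (release date, applied?).
INVENTORY = [
    {"host": "web01",
     "patches": {"KB-EXAMPLE-1": (date(2009, 6, 1), False),
                 "KB-EXAMPLE-2": (date(2010, 8, 1), True)},
     "config": {"firewall_enabled": True, "audit_logging": False,
                "default_admin_password": False, "min_password_length": 8}},
    {"host": "db01",
     "patches": {"KB-EXAMPLE-1": (date(2009, 6, 1), True)},
     "config": {"firewall_enabled": True, "audit_logging": True,
                "default_admin_password": True, "min_password_length": 14}},
]


def stale_patches(host, today, max_age_days=365):
    """Patch ids released more than max_age_days ago and still not applied.

    The one-year default mirrors Baker's remark that the exploited hole
    usually had a fix available for over a year.
    """
    return sorted(pid for pid, (released, applied) in host["patches"].items()
                  if not applied and (today - released).days > max_age_days)


def config_findings(host, min_password_length=12):
    """Findings for disabled controls and weak password settings.

    Missing keys are treated as the unsafe value, so an incomplete record
    is reported rather than silently passed.
    """
    cfg = host["config"]
    findings = []
    if not cfg.get("firewall_enabled", False):
        findings.append("disabled control: host firewall")
    if not cfg.get("audit_logging", False):
        findings.append("disabled control: audit logging")
    if cfg.get("default_admin_password", False):
        findings.append("weak password: default admin credential in use")
    length = cfg.get("min_password_length", 0)
    if length < min_password_length:
        findings.append("weak password policy: minimum length %d" % length)
    return findings


def audit(inventory, today):
    """Map each hostname to its list of findings (empty list means clean)."""
    report = {}
    for host in inventory:
        findings = ["unpatched: %s" % p for p in stale_patches(host, today)]
        findings += config_findings(host)
        report[host["host"]] = findings
    return report


if __name__ == "__main__":
    # Evaluated as of the post's date so the constructed dates make sense.
    for hostname, findings in audit(INVENTORY, date(2010, 9, 2)).items():
        print(hostname, "->", findings or "clean")
```

In practice the inventory would come from a patch-management or configuration-management system rather than a literal, but the shape of the check is the same: compare each host against a stated standard and report every deviation, rather than waiting for a vulnerability scanner to find the hole.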

The inherent problem of breaches still remains, the most recent examples being the Facebook breaches and the Wikileaks scandal. When individuals are no longer in charge of their own personal information, they are placing a tremendous amount of trust in the hands of people they have probably never met. These people could have malicious intentions or honorable ones. Either way, the situation has the potential to put confidential information into the hands of those who will misuse it or expose it to others. It should also be noted that the exact number of confidential records released in these security breaches is never completely reported, so the real numbers could be lower or higher than estimated. The distressing thing about these breaches is that a great majority of them are due either to the lax security policies of the businesses involved or to an individual who exposed the information to another party. This is concerning because more and more information is being stored as digital media and put into the hands of a third party. This inability to personally attest to the security of one's own information has many experts concerned and has put many people on edge.

While it cannot be said for certain whether the number of breaches is increasing, as a large majority are never discovered or never revealed, it can be said that the release or loss of millions of records containing confidential information is concerning. Currently there is no way to state how much information is being illegally accessed or sold to others with malicious intent. We cannot even say how much information was being accessed before any of the announced breaches were discovered. Because the information is digital and not physical, acquisition can be as simple as copying the data, logging onto a machine or sending an email.

Sources: http://www.examiner.com/information-security-in-boston/almost-13-million-records-breached-2010-so-far?cid=oneriot
http://www.networkworld.com/community/node/63960
http://www.databreaches.net/?p=3447

http://www.idtheftcenter.org/ITRC Breach Stats Report 2010.pdf
http://www.idtheftcenter.org/
