March came in like a data breach lion, with five new reported data breaches, according to the Privacy Rights Clearinghouse's Chronology of Data Breaches. These most recent data breaches add 86,762 to the known number of records exposed in data breaches since in just over four years, bringing that total to a staggering 253,488,925.
The reason for the emphasis of the terms “reported” and “known” is this: The number of reported data breaches is much lower than the actual total, as evidenced by recent surveys.
- In December 2008 the Ponemon Institute released the results of a survey in which 92% of information technology professionals said their company had experienced a data breach within the previous year.
- In October 2008 Logica, an information security company, announced that their survey of company executives showed only 40% of companies notify their customers of data breaches; only 50% report their data breaches to any law enforcement or government oversight agencies.
Further, many of the organizations that report data breaches cannot or will not reveal the number of compromised records. A powerful example of this is the Heartland Payment Systems data breach. Heartland claims they still don’t know how many records were hacked, however many information security experts expect that the number will exceed 100 million.
Here’s what we know about the five most recently reported breaches:
- A city employee in Muskogee, Okla. sold a zip drive as surplus in 2000 with personal information of 4,500 people on it.
- A server was hacked at Western Oklahoma State College, exposing the Social Security numbers of 1,500 library users.
- An Elk Grove Unified School District (Cal.) employee lost a document containing the Social Security numbers of 520 employees.
- An NYPD employee stole pension fund information of 80,000 current and former NYPD officers.
- A car belonging to a St. Rita’s Medical Center (Lima, Ohio) employee was broken into and a bag containing 242 patient files was stolen.