Wednesday, April 14, 2010

22 Banking Breaches So Far in 2010

There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies.

This means that in less than one quarter of the year, we already have seen more than one-third of the 62 banking-related breaches reported in all of 2009.

The numbers are slightly skewed, says Linda Foley of the Identity Theft Resource Center (ITRC), the organization that tracks data breaches, because some of the 22 incidents actually occurred in 2009 but are just now being brought to light - particularly in Maryland, where the state's attorney general's office reported a slew of 2009 incidents on March 1 of this year. "I suspect there will be more [reports] coming," Foley says, "so the trend thus far is we're finally finding out about breaches that are just coming out."

But the new year's breaches are enough to convince observers that last year's trends are continuing. "2010 could be a tough year for everyone," Foley says.


>>  2010 Trends

If the breach trends do continue as they did in 2009, then financial service companies will continue to experience malicious hacking and insider theft. The challenge for organizations such as the ITRC is that many organizations fail to report their breaches. "The problem is: We're not trying to embarrass a company, but inform everyone of what is happening out there."

Based on what Foley says she's seen so far in 2010, much information has been lost, "so there's a real need for businesses to adopt policies to protect data."

Despite the Federal Trade Commission's work in promoting the ID Theft Red Flags Rule, Foley says many businesses still don't want to comply with the requirements. "If you don't want to protect it, then don't collect the data," she advises these organizations.

For those organizations that do buy into data protection, they must deputize their employees to take the responsibility seriously. "You should be telling your employees why it is important, so they buy into the wanting to actively protect data, and so they don't see it as another chore," Foley says.

No comments: