Ryan Singel and Kevin Poulsen just put out a blog posting noting that we have just passed the 100 million mark for lost/stolen records which contain personal information.
This is, of course, only a milestone if one chooses to accept the ChoicePoint breach as the starting point for counting such losses. While, due to the efforts of PrivacyRightsClearinghouse.com, and the fact that the ChoicePoint breach did, in fact, mark the new era of Privacy awareness/concern, one must concede the point that the losses are underreported and likely pale in comparison with the ‘true’ count of compromised records.
One reader posted a reply on the WIRED blog pointing to other sources for breach data. These sources, by beginning the record-count prior to the ChoicePoint incident, estimate the loss at over 143 million records. The other sites mentioned are: Attrition.org and PogoWasRight.org.
Regardless of if we are at just over 100 million or over 143 million, it is clear that we will continue to get our collective stockings stuffed (sorry… I couldn’t resist a holiday pun) until we develop sound policies and processes around data protection. Many of the incidents resulting in data leakage are the result of innocent employees doing stupid things – this is the true “low hanging fruit” and can be partially addressed through awareness. Outside of that, we need to develop technical and procedural methods around access control and application/data defense (easier said than done).
Leave a Reply
Comments are moderated and will not appear until approved.