{"id":268,"date":"2007-05-24T06:00:50","date_gmt":"2007-05-24T13:00:50","guid":{"rendered":"http:\/\/www.merchantaccountblog.com\/archives\/268"},"modified":"2007-05-24T08:01:33","modified_gmt":"2007-05-24T13:01:33","slug":"how-many-data-security-breaches-will-it-take","status":"publish","type":"post","link":"https:\/\/www.merchantequip.com\/merchant-account-blog\/268\/how-many-data-security-breaches-will-it-take","title":{"rendered":"How many data security breaches will it take?"},"content":{"rendered":"<p>I was checking out this <a href=\"http:\/\/www.privacyrights.org\/ar\/ChronDataBreaches.htm\">chronology of data security breaches<\/a> this last weekend, and I realized that the amount of breaches that have occurred is absolutely amazing. Over 150 Million records have been compromised in the past two and a half years, and this number doesn&#8217;t take into account the fact that the number of compromised records for about 1\/3 of the total number of breaches is unknown.<\/p>\n<p>From looking at this we can observe a few solid facts about data security breaches in general. First, the three most common reasons for data to be compromised are lost and stolen laptops and storage devices, disgruntled employees, and hacking. <\/p>\n<p><strong>The Top five data security breaches are:<\/strong><br \/>\nTJ Max (45.7M) &#8211; Massive long-term hack<br \/>\nCardSystems (40M) &#8211; Hacking of unencrypted data<br \/>\nU.S. Dept. of Veteran&#8217;s Affairs (28.6M) &#8211; Stolen laptop (No data has been used to date)<br \/>\niBill (17.7M) &#8211; Inside<br \/>\nGeorgia Dept. of Community Health (2.9M) &#8211; lost disk<\/p>\n<p><strong>These are breaches relating to banks and financial institutions:<\/strong><br \/>\nCardSystems (40M) &#8211; Hacking of unencrypted data<br \/>\niBill (17.7M) &#8211; Inside<br \/>\nCitiFinancial (3.9M) &#8211; Lost backup tapes<br \/>\nBank of America (1.2M) &#8211; Lost backup tape<br \/>\nWachovia, Bank of America (676,000) &#8211; Inside<br \/>\nProvidence Home Services  (365,000) &#8211; Stolen backup tapes<br \/>\nMortgage Lenders Network USA (321,000) &#8211; Inside<br \/>\nAmeriprise Financial Inc. (260,000) &#8211; Stolen laptop<br \/>\nAmeritrade (200,000) &#8211; Lost backup tape<br \/>\nFidelity Investments (196,000) &#8211; Stolen laptop<br \/>\nIowa Student Loan (165,000) &#8211; Lost laptop while being shipped<br \/>\nFirstrust Bank (100,000) &#8211; Stolen laptop<br \/>\nPeople&#8217;s Bank (90,000) &#8211; Lost computer tape<br \/>\nMoneyGram International (79,000) &#8211; Hacking<br \/>\nMercantile Potomac Bank (48,000) &#8211; Stolen laptop<br \/>\nJ.P. Morgan (47,000) &#8211; Tape drive missing<br \/>\nPayMaxx (25,000) &#8211; Accidentally exposed online<br \/>\nBank of America (18,000) &#8211; Stolen laptop<br \/>\nPremier Bank (18,000) &#8211; Stolen data<br \/>\nKeyCorp  (9,300) &#8211; Stolen computer<br \/>\nNorth Fork Bank, NY (9,000) &#8211; Stolen laptop<br \/>\nUniv. of Michigan Credit Union (5,000) &#8211; Stolen documents<br \/>\nChase Bank and the former Bank One (4,100) &#8211; Documents left in desk that was sold<br \/>\nTransUnion (3,623) &#8211; Stolen computer<br \/>\nAllState Insurance (2,700) &#8211; Stolen computer<br \/>\nEquifax (2,500) &#8211; Stolen laptop<br \/>\nSovereign Bank (Thousands) &#8211; Stolen laptops<br \/>\nWest Shore Bank (1,000) &#8211; Security break<br \/>\nWestborough Bank (750) &#8211; Inside<br \/>\nCeridian Corp (150) &#8211; accidentally posted personal data on website<br \/>\nCity National Bank (Unknown) &#8211; Lost backup tapes<br \/>\nJ.P. Morgan Chase &#038; Co. (Unknown) &#8211; Stolen laptop<br \/>\nJ.P. Morgan (Unknown) &#8211; Information found in trash<br \/>\nBank of America (Undisclosed) &#8211; Stolen Laptop<br \/>\nBank of America (Unknown) &#8211; Internet by former contractor<br \/>\nBank of America (Limited Number) &#8211; Stolen laptop<br \/>\nLa Salle Bank, ABN AMRO Mortgage Group (2M) &#8211; DHL lost but later found backup tape<br \/>\nWells Fargo (Unknown) &#8211; Stolen computer<br \/>\nM&#038;T Bank (Unknown) &#8211; Stolen laptop<br \/>\nMatrix Bancorp Inc.(Unknown) &#8211; Stolen laptops<br \/>\nU.S. Bank (Small Amount) &#8211; Stolen briefcase<br \/>\nVISA\/FirstBank (Unknown) &#8211; Visa card processor&#8217;s compromised data<br \/>\nHome Finance Mortgage, Inc. (Unknown) &#8211; Accidentally discarded files<br \/>\nColumbia Bank (Unknown) &#8211; Hacking<\/p>\n<p><strong>How we can stop all of this:<\/strong><br \/>\nThe current focus on data security seems to resolve around PCI \/ CISP compliance and keeping data protected and properly stored. In truth, not storing sensitive data on portable devices would do far more good. The biggest reason of data compromise is stolen or lost laptops containing sensitive information on them. Many of the stolen incidents were from a personal vehicle or their home. Five data loss incidents by a single company (Bank of America) is completely unacceptable. Companies, especially ones where trust is a huge factor (Banks) need to take a much more serious approach to securing information. Only three of these data losses at financial institutions were due to hacking. There really is no excuse for the rest of them.<\/p>\n<p>The next thing that I find particularly upsetting is that a huge overall percentage of the laptops and portable storage related losses were from government agencies, and the majority of all losses happened at universities or other educational institutions. Our government and educational institutions are obviously not being cautious enough with personal information. I wont list all of these because it would take about 10 pages to get them all in.<\/p>\n<p>The bottom line is that everyone needs to take some common sense precautions to data security. The newest two million bit encryption, and all the security in the world isn&#8217;t going to help when an employee looses a laptop with sensitive information on it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was checking out this chronology of data security breaches this last weekend, and I realized that the amount of breaches that have occurred is absolutely amazing. Over 150 Million records have been compromised in the past two and a half years, and this number doesn&#8217;t take into account the fact that the number of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,1],"tags":[],"class_list":["post-268","post","type-post","status-publish","format-standard","hentry","category-fraud","category-merchantaccounts"],"_links":{"self":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts\/268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/comments?post=268"}],"version-history":[{"count":0,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts\/268\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/media?parent=268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/categories?post=268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/tags?post=268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}