I ran across a good article on a TechTarget site, SearchSecurity.com, titled "For data minders, 2007 was a year of living dangerously" that provided some frightening information on how many data breaches occurred or were revealed in 2007. According to the article and information obtained from Privacy Rights Clearinghouse (PRC); the number of exposed records had exceeded 217 million!
PRC, a non-profit consumer information and advocacy organization, has a "Chronology of Data Breaches" section on their site that details breaches from 2005, 2006 & 2007 and is updated about every two weeks. 2007 was not a good year for the retailer, TJ Maxx (NYSE: TJX) and I don't think it was so much the fact that customer information was compromised, but how they dealt with the breach afterwards:
"When TJX first disclosed its data breach in January, the retailer came under heavy criticism for what many considered a sloppy response. The company didn't disclose the breach until a month after it was first discovered, and few accepted its explanation that investigators recommended the period of silence. TJX also seemed to have trouble getting an accurate assessment of the damage. For example, the company initially said that attackers had access to its network between May 2006 and January 2007. Later it admitted that thieves were inside the network several other times, beginning in July 2005. The came word that the stolen data covered transactions dating all the way back to December 2002."
The latest update on this data breach estimates TJX expenses at $500 million to $1 billion. In a settlement with VISA USA, TJX will pay a maximum of $40.9 million to fund an alternative recovery payments program for customers affected by the breach. At least 19 lawsuits have been filed, and there are investigations underway by the Federal Trade Commission and 37 state Attorneys General.
What I found really interesting in the article is that there seems to be a change in mindset from how to prevent a breach, which could be viewed as inevitable, to how to develop a good response plan. Also, how encryption technology for mobile users can help prevent a breach:
"...it's still possible to prevent a breach with some common-sense technological measures. The best example reflects the growing trend of laptops getting stolen or lost. If companies automatically used full-disc encryption on the devices, the loss of one would become a much smaller issue."
So, considering how bad 2007 was for data breaches, what will your ounce of prevention or pound of cure be in 2008? Are there simple measures you can take to ensure the integrity of your customer data? Are you retaining more data than is prudent? Have you developed a good response plan for a data breach?
» Threat Thursday: Data Breaches in 2008 from ITechTips
At the end of 2007 I posted Threat Thursday: Data Breaches of 2007 to give everyone a feel for how frighteningly commonplace data breaches were becoming. We had read about some of the larger ones that occurred at retailer, TJ Maxx... [Read More]
Tracked on: February 9, 2008 8:16 AM | Permalink to Trackback