Tabulating the number of records exposed is difficult because in 56% of the 2007 breaches reported, there was no accurate count of the number of records exposed.

Thomas Claburn, Editor at Large, Enterprise Mobility

January 2, 2008

2 Min Read

The year 2007 may or may not have been a record-setting year in terms of data breaches. Whether it was or wasn't depends on how one counts.

The Identity Theft Resource Center put the number of publicly reported data breaches in the United States at 446 for the year. It identified 312 data breaches in 2006 and 158 in 2005.

That appears to show an upward trend, if such a thing can hinge on a mere three data points, and that more data breaches occurred in 2007 than at any time since 2003, when data breach reporting laws like California's SB 1386 took effect.

But a blogger who insists on going by the name Dissent and maintains a blog that tracks data breaches insists the opposite is true.

Based on his or her analysis of data breach statistics compiled by three sources -- Attrition.org, Privacy Rights Clearinghouse, and the Identity Theft Resource Center -- Dissent points out inconsistencies in counting methodologies and argues that without the TJX breach (parent company to T.J. Maxx and others), which skews the statistics by virtue of its extreme size, two of the three sources show a decrease in data breach incidents and in records exposed.

Rex Davis, director of operations for the Identity Theft Resource Center, concedes Dissent makes some valid points, like the fact that the organization began counting paper-based data breaches in 2007.

But Davis also points out that tabulating the number of records exposed is difficult because in 56% of the 2007 breaches reported, there was no accurate count of the number of records exposed. "How can you say the number of records is going up or down when it's not reported?" he said.

Reasonable people can also disagree about the year in which data breaches should be counted. Davis said his organization prefers to go by the date of publication. "We chose the publication date for 2007 rather than the incident date," he said. "A lot of times we can't even get an incident data. TJX is great example."

But as Dissent points out, if TJX were counted in the year 2006 or 2005, 2007 would look at lot better.

While Dissent's assessment of data from Attrition.org and Privacy Rights Clearinghouse suggests a decline in the number of data breach incidents, the ITRC is sticking with its incident figures. "If you're talking about the number of events, it's the worst year we've been able to record, even if you add the 80 we left out in 2006," said Davis.

About the Author(s)

Thomas Claburn

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

See more from Thomas Claburn
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now