| | Private Sector (incidents n=126) | Public Sector (inc. military) (incidents n=114) | Higher Education (incidents n=52) | Medical Centers (incidents n=30) |
|---|---|---|---|---|
| Outside Hackers | 15% | 13% | 52% | 3% |
| Insider Malfeasance | 10% | 5% | 2% | 20% |
| Human/Software Incompetence | 20% | 44% | 21% | 20% |
| Theft (non-laptop) | 15% | 17% | 17% | 17% |
| Laptop Theft | 40% | 21% | 20% | 40% |

| Intra-Sector Incidents | |
|---|---|
| % affected private-sector companies in Fortune 100 | |
| % affected private-sector companies in Fortune 500 | 9% |
| % US Federal agencies involved in public-sector breaches | 23% |
| % US Military agencies involved in public-sector breaches | 19% |
| Incidents Involving Laptops | n=119 (37%) |
| % laptop theft where laptops were stolen from offsite | 55% |
| % laptop theft where data was described as "encrypted" or "password-protected" | 6% |
| % cases resulting in conviction/returned laptops | 6% |
| Minimum number of PII potentially compromised by laptop theft | 30,475,950 |
| Incident Response | |
| Number and % incidents with "unknown" data losses, in addition to the 100,400,000+ reported | n=80, 23% |
| Total number and % incidents where delta between incident and notification was reported | n=119, 37% |
| Mean/median of delta (in days) | 44/21 |
| # and % organizations unwilling or unable to produce "hard numbers" of records affected (slightly different than #21 above) | n=90, 28% |
| Web Site Mistakes | |
| Number and % incidents in which PIIs were inadvertently posted to a publicly viewable Web site | n=28, 9% |
| Minimum number of PII compromised | 1,240,572 |
| % Web-based incidents in which an "unknown" number of PII were exposed | 36% |
| % Web-based incidents in which offending data has reportedly been taken down | 60% |
| % in which offending organization has refused to remove or modify data | 7% |
| Total Number 2006 Reported Data Breach Incidents | 327 |
| Approximate Minimum Total # of PII Potentially Compromised in 2006 | 100,453,730 |
| # Data-Breach Identity Thieves Sentenced in 2006 | 5 |
| # Individual Victims of Sentenced Identity Thieves | 238 |

Copyright © 2006. Privacy Rights Clearinghouse/UCAN. For distribution of this fact sheet, see our copyright and reprint guidelines. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This fact sheet should be used as an information source and not as legal advice. PRC fact sheets contain information about federal laws as well as some California-specific information. Laws in other states may vary. Overall, our fact sheets are applicable to consumers nationwide. Privacy Rights Clearinghouse, 3100 - 5th Ave., Suite B, San Diego, CA 92103. Web: www.privacyrights.org Contact us: www.privacyrights.org/preinquiry.htm