Chronology of Data Breaches 2006:
Analysis


Send to PrinterSend to Printer

Copyright © 2007-2010
Privacy Rights Clearinghouse / UCAN
Posted February 1, 2007

 


  Analysis prepared by Beth Rosenberg
of Sandstorm.net

 
  Private Sector
(incidents n=126)		 Public Sector
(inc. military) (incidents n=114)		 Higher Education
(incidents n=52)		 Medical Centers
(incidents n=30)
Outside Hackers
15%
13%
52%
3%
Insider Malfeasance
10%
5%
2%
20%
Human/Software Incompetence
20%
44%
21%
20%
Theft (non-laptop)
15%
17%
17%
17%
Laptop Theft
40%
21%
20%
40%
 
Intra-Sector Incidents        
% affected private-sector companies in Fortune 100        
% affected private-sector companies in Fortune 500
9%
      
% US Federal agencies involved in public-sector breaches
23%
      
% US US Military agencies involved in public-sector breaches
19%
      
 
Incidents Involving Laptops
n=119 (37%)
      
% laptop theft where laptops were stolen from offsite
55%
      
% laptop theft where data was described as "encrypted" or "password-protected"
6%
      
% cases resulting in conviction/returned laptops
6%
      
Minimum number of PII potentially compromised by laptop theft
30,475,950
      
 
Incident Response        
Number and % incidents with "unknown" data losses, in addition to the 100,400,000+ reported
n=80, 23%
      
Total number and % incidents where delta between incident and notification was reported
n=119, 37%
      
Mean/median of delta (in days)
44/21
      
# and % organizations unwilling or unable to produce "hard numbers" of records affected (slightly different than #21 above)
n=90, 28%
      
 
Web Site Mistakes        
Number and % incidents in which PIIs were inadvertently posted to a publicly viewable Web site
n=28, 9%
      
Minimum number of PII compromised
1,240,572
      
% Web-based incidents in which an "unknown" number of PII were exposed
36%
      
% Web-based incidents in which offending data has reportedly been taken down
60%
      
% in which offending organization has refused to remove or modify data
7%
      
 
Total Number 2006 Reported Data Breach Incidents
327
      
Approximate Minimum Total # of PII Potentially Compromised in 2006
100,453,730
      
# Data-Breach Identity Thieves Sentenced in 2006
5
      
# Individual Victims of Sentenced Identity Thieves
238
      

 



  
Tags:
Copyright © Privacy Rights Clearinghouse/UCAN. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. For distribution, see our copyright and reprint guidelines. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse.