September 2011: Over 10m US Personal Records Potentially Compromised

A recent press release by the identity-theft protection company IdentityHawk reports that this past September, they counted 54 data breaches that saw 10,461,621 records potentially compromised, as compared to August, which had 44 reported data breaches and 678,614 records reportedly placed at risk. According to the latest count (PDF) at the Identity Theft Resource Center, as of the 18th of October, there have been 327 reported data breaches originating in the US so far this year resulting in 22,237,610 potentially compromised records.

A potentially compromised record is defined by the Identity Theft Resource Center as:

"... an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk - either in electronic or paper format."

As a comparison, last year the Identity Theft Resource Center reported a total of 662 breaches resulting in 16,167,542 potentially compromised records. The year 2009 still hold the record with over 222 million records potentially compromised, mostly due to the Heartland Payment and US veterans' records data breaches.

According to the IdentityHawk release, about 27% of the data breaches reported so far this year were from known hacking.

Some compromised records that have not yet been added to the Identity Theft Resource Center are the 2,000 or so personal records of police officers were acquired by hacktivists claming to be from Anonymous in support of the Occupy Wall Street protests.

According to this story in ComputerWorld, the hacktivists:

"... attacked web sites in Massachusetts and Alabama, including the Boston Police Patrolmen's Association, International Chiefs of Police (IACP), sites run by forces in Birmingham and Jefferson counties in Alabama, and a web company called the Matrix Group which manages the sites."

"In addition to web defacement, the raid netted the attackers 600MB of data from the IACP, including the names and passwords for 1,000 Boston police staff, and the names, addresses, ranks, social security numbers, and phone numbers for another 1,000 officers in Alabama."

The hacktivists claimed that the attack was in response to "acts of aggression" against Occupy protestors. Attacking police web sites in retaliation for perceived police wrong-doing is becoming a common tactic by Anonymous members or followers.

 

Photo: iStockphoto

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributors

 
Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement