A recent press release by the identity-theft protection company IdentityHawk reports that this past September, they counted 54 data breaches that saw 10,461,621 records potentially compromised, as compared to August, which had 44 reported data breaches and 678,614 records reportedly placed at risk. According to the latest count (PDF) at the Identity Theft Resource Center, as of the 18th of October, there have been 327 reported data breaches originating in the US so far this year resulting in 22,237,610 potentially compromised records.
A potentially compromised record is defined by the Identity Theft Resource Center as:
"... an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk - either in electronic or paper format."
As a comparison, last year the Identity Theft Resource Center reported a total of 662 breaches resulting in 16,167,542 potentially compromised records. The year 2009 still hold the record with over 222 million records potentially compromised, mostly due to the Heartland Payment and US veterans' records data breaches.
According to the IdentityHawk release, about 27% of the data breaches reported so far this year were from known hacking.
Some compromised records that have not yet been added to the Identity Theft Resource Center are the 2,000 or so personal records of police officers were acquired by hacktivists claming to be from Anonymous in support of the Occupy Wall Street protests.
According to this story in ComputerWorld, the hacktivists:
"... attacked web sites in Massachusetts and Alabama, including the Boston Police Patrolmen's Association, International Chiefs of Police (IACP), sites run by forces in Birmingham and Jefferson counties in Alabama, and a web company called the Matrix Group which manages the sites."
"In addition to web defacement, the raid netted the attackers 600MB of data from the IACP, including the names and passwords for 1,000 Boston police staff, and the names, addresses, ranks, social security numbers, and phone numbers for another 1,000 officers in Alabama."
The hacktivists claimed that the attack was in response to "acts of aggression" against Occupy protestors. Attacking police web sites in retaliation for perceived police wrong-doing is becoming a common tactic by Anonymous members or followers.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.