8.3 Million Personal Records Compromised?

The Washington Post reports that at least 8.3 million personal and financial records of consumers were potentially compromised by data spills or breaches at businesses, universities and government agencies in the first quarter of 2008, according to a report released from the Identity Theft Resource Center.

The Identity Theft Resource Center (ITRC), based in San Diego tracked public reports of 167 data breaches in the first three months of 2008. 448 data breaches were recorded in 2007 by the ITRC. Detailed breakdowns from the first quarter of 2008 are available from the ITRC here (PDF) and overall 2007 statistics are available from ITRC here (PDF).

As previously reported by our own Brandon Dimmel, approximately 4.2 million of the breached records at the Hannaford Bros. supermarket last month were blamed on malware.

Businesses were responsible for roughly 36 percent of the data breaches, schools and universities were responsible for 18 percent, medical and healthcare was responsible for 14 percent and banking and financial institutions were responsible for 7 percent. More detail on the industry breakdown is available from the ITRC here (PDF).

According to a tally by Security Fix, 21 hacking incidents in the first three months of 2008 compromised at least 4,624,005 personal and financial records (including the Hannaford supermarket breaches). Most of the data breaches appear to have resulted from lost or stolen laptops, hard drives or thumb drives.

Insider access and inadvertent posting of sensitive data to a web site or through email are cited frequently throughout the report.

In 40 percent of the data breaches, the organizations involved have not disclosed how many records might have been compromised, or how many individual consumers were affected.

The ITRC data is based largely on media reports about the incidents. Linda Foley, ITRC's founder, said it's unclear what's behind the increase in data loss reports this year. Nationwide, 39 states and the District of Columbia have laws requiring organizations to notify consumers of data breaches that could affect their personal and/or financial data.

Ideally, in the case of a data breach the pie-faced company involved would notify you. It's always a good idea to keep an eye on your credit history; not only could you end up losing your identity and money, in some cases you could be mistakenly identified as a criminal, too.

Visit Bill's Links and More for more great tips, just like this one!