According to the Identity Theft Resource Center, over 8.49 million files containing personally identifiable information or protected health information (PII or PHI) from 208 separate data breaches have been exposed so far this year. Companies of all sizes and types were victims of breaches, from NASA to a Five Guys Burgers and Fries joint in Schenectady, NY. Other breach victims include utility companies, non-profits, higher education, state-run, and healthcare organizations. On average, a company that experiences a data breach will pay about $200 per record lost in fines (which includes the cost of fraud alerts, credit reports, and other fines). Because organizations most often will lose thousands or millions of records in one breach, these financial penalties can be devastating.

The truth of the matter is this: If you are a company that stores or moves PII or PHI (names, birth dates, addresses, social security numbers, credit card numbers, medical records, etc), you are subject to data protection compliance regulations (PCI DSS, HIPAA/HITECH, FFIEC) and should implement a comprehensive data protection plan that includes AES standard encryption and proper key management. If you’re not sure what constitutes a data breach, read more in our blog Data Breaches Drive Encryption Projects in 2012.

Top data breaches (so far) 2012:

1. New York State Electric & Gas Co.
1.8 million records

2. Global Payments, Inc.
1.5 million payment card numbers

3. California Dept. of Child Support Services
800,000 records

4. Utah Dept. of Technology Services
780,000 medicaid patient files

5. In-Home Support Services, state of California Dept. of Social Services
701,000 records

6. University of Nebraska
654,000 files

7. University of North Carolina-Charlotte
350,000 files

8. Emory Healthcare, Inc.
315,000 records

9. South Carolina Dept. of Health & Human Services
228,435 files

10. Thrift Savings Plan
123,000 federal employee’s data

For more information on AES encryption, download our white paper "AES Encryption and Related Concepts" and learn about how proper encryption and key management work together to secure your data and save your company from a data breach.