According to the Identity Theft Resource Center there has been a 21% increase in breaches (and that is just the ones that have already been reported to regulators) in the same period as last year. Some of these you may be familiar with, others might surprise you:
Those are some pretty significant numbers, and most likely everyone that reads this blog has been affected in some way by at least one of these events. What we all need to remember is that cyber crime isn’t limited to “Black Hat” hackers that only go after the big piles of data. Sometimes it is a disgruntled employee that destroys or releases sensitive data. Sometimes it is an unintentional employee error, or loss of an employee’s laptop/thumbdrive that thieves go after. Often it is the smaller company or mid-sized Enterprise that hasn’t yet implemented security steps, like encryption and authentication, to protect their sensitive information.
If the first list didn’t give you a fright, here is another that might make you tremble with fear. However, we would prefer if it resulted in the topic of data security brought up at your next security and risk management meeting!
University of Maryland
307,079 individuals - personal records
*Hackers broke in twice and stole data
North Dakota University
291,465 student and staff records
Sutherland Healthcare Solutions
168,000 patients
*Stolen computer equipment containing personal health & billing information
Sally Beauty Holdings (retailer)
25,000 customers lost credit card data to a hacker
Catholic Church - Archdiocese of Seattle
90,000 employees and volunteers - database records
Goodwill Industries (charitable resale)
868,000 customers from approximately 330 stores
Jimmy John’s (national sandwich shop)
*undisclosed number of customers from 216 corporate and franchised locations
Internal Revenue Service (IRS)
20,000 individuals affected
*Employee incident - loaded an unsecure drive into insecure home network
Assisted Living Concepts
43,600 current and former employees in 20 states, had their payroll files breached when the vendor’s system was hacked.
Coco-Cola
74,000 people lost unencrypted personal information to a former employee from Atlanta who stole 55 laptops. Company policy requires laptops to be encrypted, but they weren’t.
The Montana Department of Public Health and Human Services
A server holding names, addresses, dates of birth, and Social Security numbers of approximately 1.3 million people was hacked.
Spec’s - wine retailer in Texas
Affecting as many as 550,000 customers across 34 stores, hackers got away with customer names, debit/credit card details (including expiration dates and security codes), account information from paper checks, and even driver’s license numbers.
St. Joseph Health System
Also in Texas, a server was attacked that held approximately 405,000 former and current patients, employees, and beneficiaries information. This data included names, Social Security numbers, dates of birth, medical information, addresses, and some bank account information.
The US Department of Health and Human Services has a breach database of incidents related to exposure of personal health information. Due to late entries, dates weren’t listed, but the following were reported:
A new study from researchers at Gartner indicates that it is markedly less expensive for companies to invest in new security and encryption technologies than it is for them to respond to a data breach. According to the analyst firm, businesses pay roughly $6 per year per user for encryption tools, or $16 per user per year for intrusion prevention software licenses, versus paying out an average of $90 per user to address problems after a breach has occurred.
Five steps you can take to make sure this doesn’t happen to you:
To help open up the conversation around your conference table, download this eBook “Turning a Blind Eye to Data Security” and find out more about the tools & resources to begin discussions about data security in your company!