Identity Theft Resource Center Reports 104 Security Breaches Since January 1st

Since January 1, 2005, through public announcements and media reports, at least 104 data incidents have been documented in the U.S., potentially affecting more than 56.2 million individuals.

Security breaches fall into a number of easily recognizable patterns:

• Lost or stolen laptops, computers or other computer storage devices without password protection
  
  
• Unprotected backup tapes lost in transit because they were not sent either electronically or with a human escort
  
  
• Hackers breaking into systems
  
  
• Employees stealing information or allowing access to information such as via call centers
  
  
• Information bought by a fake business
  
  
• Poor business practices - for example sending postcards with Social Security numbers on them or requiring students to place name and SSN on rosters that are passed through classrooms or placed on papers or tests
  
  
• Internal security failures including the inability to track personal information through the entire entity's system
  
  
• Viruses, Trojan Horses and computer security loopholes
  
  
• Information tossed into dumpsters - improper disposition of information

While it may be impossible to stop some hackers, most of these breaches could have been avoided by following safe information handling practices. Let us not forget: "Those who cannot remember the past are condemned to repeat it." George Santayana (The Life of Reason, Vol. 1, 1905)

Why were there 4 breaches that involved the shipment of backup tapes without adequate protection? More than half of the breaches listed were educational facilities. The University of Colorado leads the group with four breaches in just this one year. Michigan State University comes in a close second with three. Why are student Social Security numbers still being used as ID numbers and put on laptops that are not password protected?

Something has to change or we might as well give up the battle against identity theft and protecting the privacy of our information now. Congress needs to take action -- not at the expense of consumers but in creating laws and assisting companies to better control their information. Under the current legislation pending, the only time you will hear of a breach is when a company believes there is significant harm that may occur.

The Identity Theft Resource Center, a non-profit organization, has two programs available for companies that assist with breaches. One program is designed to help companies who have just experienced a breach. The other program is a unique assessment tool to help companies see their business "through the eyes of a thief."