Advertising

The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds | seattletimes.com

The Seattle Times

Business / Technology


Our network sites seattletimes.com | Advanced

Originally published Monday, December 31, 2007 at 12:00 AM

E-mail article     Print view

Data theft soars as hackers outfox security

The loss or theft of personal data such as credit-card and Social Security numbers soared to unprecedented levels in 2007, and the trend...

The Associated Press

Data breaches disclosed in 2007

Discount retailer TJX reports hackers broke into its computer systems and accessed at least 46 million customer records, primarily credit-card data. Banks suing TJX estimate the breach involved at least 94 million records.

Britain's tax and customs department loses two computer disks containing personal information such as addresses and bank-account numbers for about 25 million people. The disks were sent via internal government mail to the government's audit agency but never arrived.

Dai Nippon Printing, a Japanese commercial-printing company, says a former contract worker stole nearly 9 million pieces of private data on customers from 43 clients.

Fidelity National Information Services' check-authorizing subsidiary says information on 8.5 million consumers was stolen, allegedly by a former employee.

TD Ameritrade Holding says one of the online brokerage's databases was hacked and contact information for its more than 6.3 million customers was stolen.

Monster Worldwide, an online-job site, says con artists grabbed contact information from résumés of 1.3 million people.

Source: Associated Press research

BOSTON — The loss or theft of personal data such as credit-card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security, and laptops disappear with sensitive information.

While companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.

"More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center (ITRC) after becoming an identity-theft victim herself.

Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006.

Another group, Attrition.org, estimates more than 162 million records were compromised through Dec. 21 — both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.

"It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb."

The biggest difference between the two groups' record-loss counts is Attrition.org's estimate that 94 million records were exposed in a theft of credit-card data at TJX, the owner of discount stores including T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists.

The ITRC counts about 46 million — the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX.

The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami — an entry point that led the hackers to eventually break into TJX's central databases.

TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security and believes our security was comparable to many major retailers."

With wireless-data transmission more common, hackers increasingly are likely to target what many experts see as a major vulnerability.

Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information-security professionals.

"Within a year or two, these folks are catching up," Tumas said.

The two nonprofit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking.

Besides TJX's problem, major 2007 breaches include lost data disks with bank-account numbers in Britain, a hacker attack on a U.S.-based online broker's database and a con that spilled résumé contact information from a U.S. online-jobs site.

"A lot of breaches are due to inadequate information handling, such as laptop computers with Social Security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system."

Attrition.org and the Identity Theft Resource Center are the only groups maintaining databases on breaches and trends each year; the government does not do so. The two groups have been keeping track for only a handful of years, with varied and evolving methods of learning about breaches and estimating how many people were affected.

The groups say it's clear 2007 will be a record year for the amount of information compromised, because of greater data loss and more reporting of breaches.

Both acknowledge many breaches may be missing from their lists, because they largely count incidents reported in the news media. Media coverage has risen in part because of the growing number of states requiring businesses and institutions to publicly disclose data losses.

Thirty-seven states, plus Washington D.C., now have such requirements.

Because of proliferation of such laws, "it may take a year or two before things stabilize and we can see what's really happening," Foley said. "If that's the case, then we'll know whether businesses are practicing better information-handling techniques."

Copyright © 2007 The Seattle Times Company

More Business & Technology headlines...

E-mail article Print view      Share:    Digg     Newsvine

advertising

UPDATE - 6:42 PM
Russian company will bid on Air Force tanker

Boeing accelerates production of 747, 777 models

An abundance of free Wi-Fi across the Northwest

NEW - 8:08 PM
Incentives send auto sales soaring

UPDATE - 7:03 PM
Judge halts deal to sell downtown Seattle's Federal Reserve building

Advertising

Video

Marketplace

Open Houses

Find this weekend's open house listings.
Or search by location:

nwautos

NADAguides.com's best car buys for 2010; a Ford Mustang packed with Kentucky pridenew
(Volkswagen) Auto guide group reveals 2010 car picks NADAguides.com has announced its "Best Car Buys" for 2010 based on fuel efficiency, warranty cove...
Post a comment

 
Most read
Most commented
Most e-mailed
 
 

Most viewed imagesMore

Advertising