An assistant professor at the University of Washington co-authored a study on data breaches (compromised personal and financial information), which reveals that the amount of compromised information out there could be a lot worse than anyone thought.
If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic grades or medical history – will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.
While the news media is full of stories about hackers, his survey revealed 60 percent of the breaches were due to “organizational mismanagement.” The report is referring to lost (stolen) hardware, internal theft, administrative error, or accidentally exposing the information online.
According to the authors, gathering the information for this study wouldn’t have been possible before state laws were passed requiring disclosure of data breaches.
Laws requiring this are on the books in fewer than half of the states nationwide.
Phys.org story, here.
Unfortunately, despite a lot of effort, no federal law has been passed, and the most current version before Congress threatens to make it easier not to report data breaches.
Here is a previous post about that subject: