ITRC Report: Malicious Attacks Are Now More Frequent Than Human Error

The Identity Theft Resource Center (ITRC) reported its annual breach data for 2009 last week, and for the first time malicious attacks were more frequently identified as the source of those breaches than human error.

In its "2009 Data Breach Report," the ITRC found 498 publicly disclosed breaches last year, down from 657 the year before. The downturn could have resulted from changes in breach disclosure, rather than a real drop-off in system compromises, the organization says.

Interestingly, paper breaches now account for 26 percent of data leaks, up 46 percent compared to 2008. Malicious attacks outnumbered breaches attributed to human error for the first time in the three years the report has been compiled.

The business sector accounted for 41 percent of data breaches, up from 21 percent the year before. Approximately 222 million records were compromised, the organization says -- and about 130 million of those came from the single breach at Heartland Payment Systems.

Out of 498 breaches, only six reported they had either encryption or other strong security features protecting the exposed data, the ITRC says .

"After all the articles about hacking, and the ever growing cost of a breach, why isn't encryption being used to protect personal identifying information?" the ITRC asks in its report. "Proprietary information almost always seems to be well protected. Why not our customer/consumer personal identifying information (PII)?"

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.