Breaking Breach Secrecy, Part 3

Analysis Shows Entities Lack Strong Data Protection Programs

By Robert E. Holtfreter, Ph.D., CFE, CICA; Adrian Harrington

  Data Breaches, a 3-Part Series 

The authors' analysis of data-breach statistics shows that organizations poorly protect personal data. Possible solution: U.S. federal rules for guidance in developing comprehensive data protection programs.

There are data breaches and then there are data breaches. Hold on as we look at two enormous cases reported by the Privacy Rights Clearinghouse (PRCH) in its "Chronology of Data Breaches." Even though the number of records compromised in these two cases is atypical, it does illustrate the problems consumers face when their personal data is not protected by organizations that use it.

On Jan. 20, 2009, Visa and MasterCard alerted Heartland Payment Systems, a credit and debit card processor, of suspicious activity related to card transactions. After the company investigated, it found evidence of malicious software that compromised data on more than 130 million cards. The incident may have been the result of a global cyberfraud operation.

On June 16, 2005, hackers infiltrated the network of CardSystems — a third-party processor of payment card transactions — and exposed names, card numbers and card security codes of more than 40 million card accounts, including 68,000 Mastercard accounts, 100,000 Visa accounts and 30,000 accounts from other card brands. On Feb. 26, 2006, CardSystems agreed to settle charges with the Federal Trade Commission that it failed to have in place the proper security measures to protect sensitive personal information. CardSystems notified affected consumers and offered them one year of credit monitoring services. 

Data breaches that lead to identity theft have affected the lives of individual consumers, businesses, nonprofit organizations and governments at all levels throughout the world, especially in the past decade. Security companies are constantly working to develop better products for individuals and organizations to protect personal information. Many organized cybercriminals work as successful profit-making businesses, constantly developing new fraudulent schemes to look for system weaknesses and collect personally identifiable information (PII).

However, as our new report and analysis in this article show, it is not just blatant hacker efforts that cause data breaches. Organizations and individuals who do a horrible job protecting personal data, of course, create conditions that lead to the majority of data breaches. 


Though not all organizations report data breaches publicly, at least three independent groups track and analyze breaches and publish them in reports: the Privacy Rights Clearinghouse (PRCH), Verizon and the Identity Theft Resource Center®. 
