Chronology of Data Breaches 2006: Analysis


Copyright © 2007-2015 Privacy Rights Clearinghouse
Posted February 1, 2007
 


 
Analysis prepared by Beth Rosenberg of Sandstorm.net



 
| | Private Sector (incidents n=126) | Public Sector (inc. military) (incidents n=114) | Higher Education (incidents n=52) | Medical Centers (incidents n=30) |
|---|---|---|---|---|
| Outside Hackers | 15% | 13% | 52% | 3% |
| Insider Malfeasance | 10% | 5% | 2% | 20% |
| Human/Software Incompetence | 20% | 44% | 21% | 20% |
| Theft (non-laptop) | 15% | 17% | 17% | 17% |
| Laptop Theft | 40% | 21% | 20% | 40% |
 
| Intra-Sector Incidents | |
|---|---|
| % affected private-sector companies in Fortune 100 | |
| % affected private-sector companies in Fortune 500 | 9% |
| % US Federal agencies involved in public-sector breaches | 23% |
| % US Military agencies involved in public-sector breaches | 19% |
 
| Incidents Involving Laptops | n=119 (37%) |
|---|---|
| % laptop theft where laptops were stolen from offsite | 55% |
| % laptop theft where data was described as "encrypted" or "password-protected" | 6% |
| % cases resulting in conviction/returned laptops | 6% |
| Minimum number of PII potentially compromised by laptop theft | 30,475,950 |
 
| Incident Response | |
|---|---|
| Number and % incidents with "unknown" data losses, in addition to the 100,400,000+ reported | n=80, 23% |
| Total number and % incidents where delta between incident and notification was reported | n=119, 37% |
| Mean/median of delta (in days) | 44/21 |
| # and % organizations unwilling or unable to produce "hard numbers" of records affected (slightly different than #21 above) | n=90, 28% |
 
| Web Site Mistakes | |
|---|---|
| Number and % incidents in which PIIs were inadvertently posted to a publicly viewable Web site | n=28, 9% |
| Minimum number of PII compromised | 1,240,572 |
| % Web-based incidents in which an "unknown" number of PII were exposed | 36% |
| % Web-based incidents in which offending data has reportedly been taken down | 60% |
| % in which offending organization has refused to remove or modify data | 7% |
 
| | |
|---|---|
| Total Number 2006 Reported Data Breach Incidents | 327 |
| Approximate Minimum Total # of PII Potentially Compromised in 2006 | 100,453,730 |
| # Data-Breach Identity Thieves Sentenced in 2006 | 5 |
| # Individual Victims of Sentenced Identity Thieves | 238 |