Tracking Data Breaches by Industry
Data breaches examined across five verticals: finance, health care, retail, government and education.
A lot of people I know will be glued to their computers on Thursday and Friday - not working hard, but rather checking all of the action of the NCAA men's basketball tournament. Most of those people have been filling out their tournament brackets, trying to predict the team that will win the national championship. "Bracketology" is what draws in fans and gives them a more vested interest in the tournament.
This year, I'm much more interested in TeamSHATTER's NCAA bracket. No, it isn't picking who will end up in the Final Four. Instead, TeamSHATTER's bracket breaks down the schools that suffered the most data breaches last year. The "champion" is Virginia Commonwealth University. As the TeamSHATTER blog pointed out:
During last year's NCAA tournament, VCU captured the nation's attention with its Cinderella-like actual Final Four appearance before ultimately seeing their journey end in a 70-62 defeat at the hands of the Butler Bulldogs.
Unfortunately for VCU, their "Data Breach Madness Final Four" journey did not fall short and they earned the distinction of reporting the largest data breach of 2011 by a U.S.-based institution of higher learning.
The bracket was put together based on the number of reported breaches in 2011. The schools were "seeded" by the number of records affected.
The good news is that the number of schools and the number of records breached decreased from 2010 to 2011, and, in fact, are at the lowest totals since 2005, when statistics about data breaches started being tallied.
Has higher education figured out how to better protect the huge volume and wide variety of personal data stored in university networks? The challenges college campuses face differ from those of most corporate environments, as schools must deal with an ever-changing student population, plus faculty and staff records, financial data, intellectual property and health records (many universities run hospitals or at least have a health clinic for students). Colleges also have less control over the devices used by students and faculty. If you think about it, the university should be a dream target for the bad guys; yet, in 2011, the numbers went down.
However, we also need to wonder if 2011 was a fluke year. As TeamSHATTER said in a release, competition for next year's bracket has already begun. Arizona State University reported a breach of 300,000 records in January, and other significant reported breaches have come from the City College of San Francisco, University of North Carolina Charlotte and Central Connecticut State University. As Alex Rothacker, director of security research for AppSecInc's TeamSHATTER, explained:
While it is encouraging to see both the number of reported higher education breaches and records breached significantly down from 2011, security and operations personnel should not relax their data security efforts. In 2012 we have already seen some sizable breaches reported, and while exact data on the number of records compromised is not official, we estimate that this year's total has already exceeded that of 2011.
Colleges still have their work cut out for them, but hopefully, they'll be able to build on 2011's low numbers. TeamSHATTER's bracket is the only one your school should want to miss.