Changes Needed in Reporting Data Breaches

The Identity Theft Resource Center released its latest data breach information, and the information, to say the least, is confusing. According to the ID Theft Center:


"In 2009, the Identity Theft Resource Center Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer."


Part of the problem, the Center concluded, is in the way breaches are, or are not, reported.


"When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure. Counting breaches becomes an exercise in insanity."


The federal government took a step in the right direction with its mandated data breach notification law. Still, questions remain about how many breaches happened in 2009 but were never reported. According to the Identity Theft Resource Center:


"The ITRC Breach Report recorded more than 222 million potentially compromised records in 2009. Of those, 200 million are attributed to two very large breaches. Before obsessing with record count, however, one should be aware that in more than 52% of the breaches publicly reported, NO statement of the number of records exposed is given. Therefore, it is unknown how many total records may have been exposed due to breaches in 2009."


Knowing how breaches occur and to whom they are occurring is the first line of defense in preventing further risk and protecting customers.
