Data breaches and ID theft

Identity thefts soared in 2008, and now 2009 is shaping up to be another banner year for phishers, hackers and other ID thieves.

According to a new report from the Identity Theft Resource Center (ITRC), a nonprofit set up to support and educate consumers on identity theft, U.S. businesses and other organizations suffered 83 security breaches so far in 2009 -- potentially exposing the records of at least 1.1 million people.

That finding, released in a new report (available here in PDF format), signals that the pace of data breaches is only increasing. According to the ITRC, breaches struck 656 businesses, government agencies and other organizations last year, an increase of 47 percent over 2007.

And this year's number of victims could only grow, ITRC officials said.

In particular, the number of potential victims it recorded thus far in 2009 excludes those who might have been affected by the breach at one of the nation's largest payment processors, Heartland Payment Systems, where the total number of victims remains unknown, ITRC founder Linda Foley told

"We could be adding millions to our numbers when we find out," Foley said.

The grim statistics come as the latest sign that ID theft is on the rise. The problem topped the list of consumer complaints to the Federal Trade Commission (FTC) during 2008, the agency said in new data released last week. According to the FTC, ID theft accounted for 26 percent of the more than 1.2 million complaints it received last year. The FTC did not respond to requests for further comment by press time.

The findings also point to the growing threat from increasingly sophisticated hackers and ID thieves, coupled with what experts have claimed is persistently poor data security polices or practices at many organizations.

In February, a study by the Ponemon Institute attributed 88 percent of 2008 data losses to internal mistakes.

ITRC's Foley added that that 42 percent of the organizations breached last year did not know how their records had been exposed. This year, the figure is almost 50 percent, she said.

Still, accidental exposure of data remains less costly than thefts. Ponemon also found that breaches by outsiders are on the rise and proving more costly to businesses, with per-victim costs rising $52 between 2007 and 2008, to $243.

Mounting losses

So far this year, the causes of the data losses range from careless disposal of old records to wide-scale data breaches, according to ITRC's report. In addition to Heartland, large organizations that suffered a breach include the University of Florida, health services provider Kaiser Permanente, the FAA.

Those trends are leading to some serious losses.

Dan Clements, president of ID theft protection and fraud prevention firm CardCops, told that consumers reported fraud-related losses totaling more than $1.8 billion last year.

Clements said he believes the increase in fraud is tied to the economic downturn. For one thing, identity theft was highest in Arizona, California and Florida -- states among the hardest-hit in home foreclosures.

This article was first published on