LifeLock Blog

The Identity Theft Resource Center released the results this week of their most recent data breach study, an analysis of data breaches publicly reported so far this year. Little of the news is good, but two of the ITRC’s findings are especially alarming.

Perhaps the most disturbing discovery is that of the roughly 250 reported breaches, only one of the victims could say the stolen information was encrypted.

Almost every state has laws compelling entities to report data breaches, but apparently even the fear of public disclosure and bad publicity still isn’t enough to make businesses and other organizations protect the data they hold.

“It’s a dual problem here undeterred by law or common sense,” said Linda Foley, co-founder of the ITRC. “You’d think if all these organizations have to notify, that they would take some steps to make sure their data doesn’t get exposed in the first place.”

Another surprising finding is that employees are stealing records at the same rate as hackers. Together, the two types of attacks are responsible for 36.4% of the roughly 250 data breaches reported publicly this year as of June 12.

The only good news to be found in the study is that the total number of data breaches is down by roughly 30% from the same time last year when 342 breaches had already been reported.

Unfortunately, even that slight ray of sunshine is dimmed by the fact that at least 12 million businesses and consumers are affected by this year’s data breaches, and the total is probably far greater than that; fewer than half of the entities that reported breaches revealed the number of victims affected.