BreachExchange mailing list archives
Re: The High Cost Of Data Loss
From: sawaba <sawaba () forced attrition org>
Date: Tue, 21 Mar 2006 23:32:10 -0500 (EST)
Of course, it is all subjective, depending on how you define "data loss". Based on the Attrition data, you have to pull a top 20 to get their top ten, which equals 10 omissions that are as bad or worse than ones in their top ten. Here are the top 20 based on Attrition data: 'CardSystems(Visa,MC,AMEX)', 40000000, '2005-06-19' 'AmericaOnline', 30000000, '2004-06-24' 'MedicaHealthPlans', 12000000, '2005-06-29' 'DataProcessorsInternational', 5000000, '2003-03-06' 'Citigroup', 3900000, '2005-06-06' 'LaSalleBank', 2000000, '2005-12-21' 'DSWShoes', 1496000, '2005-06-30' 'BankofAmerica', 1000000, '2005-02-26' 'BankofAmerica/Wachovia', 676000, '2005-05-23' 'TimeWarnerInc.', 600000, '2005-07-06' 'PetCo', 500000, '2003-07-12' 'GeorgiaTechnologyAuthority', 465000, '2005-05-14' 'ProvidenceHomeServices', 365000, '2006-01-26' 'U.S.DepartmentofAgriculture', 350000, '2006-02-16' 'Lexis-Nexis', 310000, '2005-04-12' 'RBCDainRauscher', 300000, '2005-09-28' 'UniversityofSouthernCailfornia', 270000, '2005-07-09' 'BostonGlobe/WorchesterT&G', 240000, '2006-01-31' 'AmeripriseFinancial', 226000, '2006-01-25' 'MarriottInternational', 206000, '2005-12-28' Again, addressing the definition of "data loss", you'll notice AOL is #2, which was due to email address theft, which is not nearly as damaging as credit card or identity theft. So, if you rule out any data losses other than SSNs and credit card numbers, our list begins to look more similar: 'CardSystems(Visa,MC,AMEX)', 40000000, '2005-06-19' 'DataProcessorsInternational', 5000000, '2003-03-06' 'Citigroup', 3900000, '2005-06-06' 'LaSalleBank', 2000000, '2005-12-21' 'DSWShoes', 1496000, '2005-06-30' 'BankofAmerica', 1000000, '2005-02-26' 'TimeWarnerInc.', 600000, '2005-07-06' 'PetCo', 500000, '2003-07-12' 'GeorgiaTechnologyAuthority', 465000, '2005-05-14' 'U.S.DepartmentofAgriculture', 350000, '2006-02-16' 'Lexis-Nexis', 310000, '2005-04-12' 'UniversityofSouthernCailfornia', 270000, '2005-07-09' 'BostonGlobe/WorchesterT&G', 240000, '2006-01-31' 'AmeripriseFinancial', 226000, '2006-01-25' 'MarriottInternational', 206000, '2005-12-28' --Sawaba
On 3/21/06, lyger <lyger () attrition org> wrote: (I find the "Top 10 Customer Data-Loss Incidents" chart to be of special interest due to possible omissions. Comments? - Lyger) http://www.informationweek.com/story/showArticle.jhtml?articleID=183700367 How many ways are there to expose sensitive personal data? One company misplaces a backup tape; another puts customers' Social Security numbers onto mailing labels for anyone to see. Others lose laptops, inadvertently post private information online, or leave documents exposed to prying eyes. The possibilities are endless-- as we're learning with every new revelation of a data breach or hack or inexcusable lapse in secure business practices. By one estimate, 53 million people--including consumers, employees, students, and patients--have had data about themselves exposed over the past 13 months. This sorry state of affairs is taking its toll: fines, lawsuits, firings, damaged reputations, spooked customers, credit card fraud, a regulatory crackdown, and the expense of fixing what's broken. The situation has become untenable. Here's the ugly truth about how it keeps happening, who's been affected, and what's being done about it. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- The High Cost Of Data Loss lyger (Mar 21)
- Message not available
- Re: The High Cost Of Data Loss sawaba (Mar 22)
- Message not available