Internally-Generated Data Theft Rising Concern That Needs To Be Addressed By HR Leaders

Home / HR News / Archives / July 2008 / Internal Data Stealing Growing

	-	Archives
	-	August-2008

Business Radio

About Us

Free Email Newsletter

RSS / XML News Feed

Content management software provided by ADX Studios

Data and content powered by Information Strategies, Inc.

Internally-Generated Data Theft Rising Concern That Needs To Be Addressed By HR Leaders

A growing concern for HR leaders is the need to help in protecting corporate information.

More specifically, the rate of employee theft of sensitive customer data is rising along with the loss of other key information.

Businesses, governments and universities reported a record number of data breaches in the first half of this year, a 69 percent increase over the same period in 2007 driven by a spike in data thefts attributed to employees and contractors, according to an analysis by identity theft experts.

The San Diego-based Identity Theft Resource Center tracked 342 data breach reports from Jan. 1 to June 27.

Nearly 37 percent of reports came from businesses -- an increase from almost 29 percent last year.

Data breach reports from health care providers (14.9 percent of the total) and banks (10 percent) continued to rise, while the share of breaches from educational institutions (21.3 percent of the total) government entities and the military (17 percent) declined for the third year in a row, the ITRC found.

In fact, internal data theft is outstripping externally-generated intrusions.

Hacking was the least-cited cause of data breaches in the first six months of 2008 (11.7 percent of the total). Instead, lost or stolen laptops and other digital storage media remain the most frequently cited cause of data breaches, accounting for more than 20 percent of all reported cases, the ITRC found.

The inadvertent posting of personal and financial data online prompted roughly 15 percent of the data breach disclosures.

While the share of breaches due to data on the move fell nearly eight percent from last year, that slack was picked up by insider theft.

Data breaches due to information stolen by someone inside the company increased from just six percent of the total in 2007 to nearly 16 percent so far this year.

Another 13.5 percent of breaches came from subcontractors who lost or stole their clients' customer data.

The 342 breaches the ITRC studied from this year involved almost 17 million consumer records.

But ITRC founder Linda Foley said the true number of records jeopardized by those breaches is likely far higher, because in nearly 40 percent of the breaches the affected entity has not yet disclosed how many consumer records were lost or stolen.

Some 44 states and the District of Columbia now have laws requiring entities that suffer a data loss or breach to alert affected consumers.

According to the ITRC, the states without data breach notification laws are Alaska, Alabama, Iowa, Kentucky, Mississippi and South Dakota. But Foley said only three states -- Maryland, New Hampshire and Wisconsin - require reporting to state officials and routinely publish that information online.

Breach notices filed with those three states have in many cases amounted to the first public disclosure of data breaches, but they also expose the gaps in those disclosure laws, Foley said.

"It's a little like if you see a major pileup on the freeway, there's that one car that caused the whole accident, and then there are bunch of other innocent third parties that are affected due to the domino effect," Foley told the Washington Post.