At least 8.3 million personal and financial records of consumers were potentially compromised by data breaches at businesses, universities and government agencies in the first quarter of 2008, according to statistics released yesterday.
The Identity Theft Resource Center in San Diego said it tracked public reports of 167 data breaches in the first three months of this year. The center recorded 448 incidents in 2007.
Roughly 4.2 million of the breached records were the result of digital intrusions at the Hannaford supermarket chain, disclosed last month.
Overall, businesses were responsible for about 36 percent of the breaches, followed by schools and universities (25 percent), government and military (18 percent), medical/health care (14 percent), and banking and financial institutions (7 percent).
Only about 13 percent of the breaches were the result of hacker break-ins.
Most of the data breaches in the first quarter appear to have resulted from lost or stolen laptops, hard drives or thumb drives. Insider access and the inadvertent posting of sensitive data to a Web site or through e-mail were also frequently cited reasons for breaches, according to the report.
In about 40 percent of the 167 incidents detailed in the report, however, the organizations involved have not disclosed how many records might have been compromised or how many consumers might be affected.
Linda Foley, the Resource Center's founder, said it's unclear whether the increase in incidents this year can be attributed to a greater number of breaches, or the fact that a greater number of states have laws mandating data breach disclosures, or a combination of the two. Nationwide, 39 states and the District of Columbia have laws on the books requiring organizations to notify consumers of a data breach that jeopardizes their personal or financial data.
"The question of why we are hearing more about data breaches is going to take us a couple of more years to sort out," Foley said. "I think, perhaps in addition to the state [disclosure laws], companies are urged on a bit by the fear of the media taking the story and releasing it rather than the companies themselves getting a chance to the spin the news."