Prioritizing IT spending is hard. Raising awareness of IT security risks among executive managers is not any easier. Breach notification laws, which have recently been enacted by many states in the US, help on both counts.
In a nutshell, the laws require companies that suffered a breach of sensitive customer information to notify the affected individuals. This is one of the reasons we have been hearing so many announcements of such incidents. It's not that data wasn't being compromised earlier; it's just that now there are legal obligations to make the breach public.
Knowing the circumstances of publicly-announced breaches can help you identify and mitigate similar risks in your organization. An ISC reader wrote to us about one such situation, where he was asked to research incidents where a backup tape lost in transit resulted in a breach that led to identity fraud.
Although it's difficult to link breaches to confirmed cases of identity fraud--such details are rarely made public--here are a few ways you can keep track of announced data breaches.
Here are a few more data points related to data breaches, which you may want to add to your arsenal:
InfoSec Practice Leader
Gemini Systems, LLC
Mar 24th 2007