December 15, 2006, 9:06 AM — A stolen laptop at The Boeing Co. has pushed a widely watched tally of U.S. data breach victims past the 100 million mark.
On Tuesday, Boeing disclosed that files containing Social Security numbers, names and home addresses of 382,000 current and former employees were compromised in early December when an unencrypted laptop was stolen from an employee's car.
That disclosure pushed the total number of data breach victims on the Privacy Rights Clearinghouse Web site to 100,152,801, said Beth Givens, director of the consumer advocacy group.
Privacy Rights Clearinghouse has been tracking data breaches since February 2005, when ChoicePoint Inc. disclosed that thieves had stolen information on 163,000 victims from the company's database.
The ChoicePoint incident was remarkable because although the data broker was obligated to disclose the theft to victims living in California -- the only state with a beach notification law on the books -- it decided to notify everyone, Givens said. "That was the first time, to the best of our knowledge, that a breached entity decided to disclose the event to individuals nationwide," she said.
"That was a watershed event," she added, "because other entities that had experienced breaches started disclosing the situation to individuals nationwide"
Since the ChoicePoint incident, data security has been in the spotlight, and breaches at the U.S. Department of Veteran's Affairs and, most recently, Boeing and the University of California, Los Angeles, have received national attention.
Givens believes that the actual number of names that have been compromised since ChoicePoint is probably much higher than her tally. "I think the number 100 million is largely a fictional number, but what it really indicates is that this is a very significant problem," she said.
She couldn't say whether all the publicity has made consumers any more secure. "It's quite obvious from the listing that we've compiled that we're in a very leaky boat when it comes to data security," she said. "I don't think that consumers can feel confident about the protection that their personal information receives."
