Enterprise breaches involving personal-identity data are on the rise, according to a report by an identity-fraud prevention service vendor.
The 2011 Semiannual Identity Breach Report by IdentityHawk is based on enterprise breaches occurring in the first two quarters of this year, as reported by members.
And the number of enterprise breaches through June -- 158 -- puts the year on a pace to easily surpass the 250 member-reported breaches in 2010. No surprise, given the quite public activities of groups such as Anonymous and LulzSec, which have targeted the networks and databases of major institutions.
If those numbers don't sound so bad, here's the big picture: These breaches resulted in the exposure to risk of 104 million personal-identity accounts -- you know, with real names and/or Social Security numbers, driver's licenses, credit cards, Facebook login, etc. -- just halfway through 2010.
As you look at a month-by-month breakdown of enterprise breaches through June, certain targets keep coming up: universities, hospitals and health-care networks, a few insurance companies, a number of small businesses, the New York Yankees! (well, once).
The biggest breach through the first half of the year -- by far -- targeted Sony, which lost 70 million customer files on April 26. The online group Anonymous claimed credit. The second-biggest breach came on May 2, when 24.6 million personal-identity accounts were lost from the databases at ... Sony Online Entertainment. C'mon, Sony, tighten up!
Among the breaches listed by IdentityHawk is the hacking iof the Arizona Department of Public Safety in June by LulzSec, which subsequently published internal emails, training manuals and names and addresses of law-enforcement personnel.
Anonymous earlier this year also released documents taken from Bank of America's computer network.