The ITRC – Identity Theft Resource Center is a nonprofit organization that exists to “Educate consumers, corporations, government agencies and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.” They put out a report each year summarizing who was breached and how many records were exposed (if known). 2008’s statistics came out last week…The first link points to the 200+ page report, however it is organized by company or organization so you don’t actually have to read it. Instead, look for companies that are either clients or prospects. The second is a summarized listing of records taken, sorted by company. A couple of things worth noting:
- When the “exposed record” count is zero, the comment under “Was data stolen” is almost always “unknown”, so don’t take zero literally.
- The ITRC report also indicates that 95+ percent of these companies did not have some of the critical security measures in place such as proper encryption and access control. Might be a sales opportunity.
- If you call on government, you’ll notice that government breaches are declining – this may be a result of NIST requirements including two-factor authentication, encryption, and regulations against using social security numbers.