The Identity Theft Resource Center has published the list of security breaches reported in the US in 2008. The number is astonishing - 449, which is three incidents more than the total registered in 2007. "The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses, are listed as single events. In the last few months, two subcontractors became examples of these 'multiple' events. In one case, the customers and/or employees of at least 20 entities were affected by a breach that the ITRC reported as a single breach event," said the organization in an official release.

The total number of exposed files, which can be translated into potentially stolen identities, overpassed 20 million. To scale down the drama, although the situation is definitely serious, some people who are involved in several businesses might have lost their personal information to different criminals at the same time, which doesn't necessarily increase the damage. The most affected sectors were Business, Educational, Government/Military, Medical/Healthcare and Banking/Credit/Financial.

In some of the cases (drawing on 40% of the total), although private information was confirmed to have been lost, the number of affected files remained a mystery. Very few of the companies, organizations and medical resorts that have been affected by security breaches had their data encrypted. This kept them safe from danger, even though they had also been attacked.

The organization that keeps track of security incidents explained that the numbers offered by the report might be highly inaccurate. First of all because many fear the media attention that is drawn upon their companies each time a security breach is reported. In fact, one RSA Conference survey released earlier this month claimed that only 11% of the security incidents are reported, while 49% of the companies are actually affected.