14 DAY TRIAL // Data protection solutions provider Imperva reports that the number of data breach incidents recorded in U.S. this year has nearly doubled compared to 2009, but the volume of exposed records has registered a huge drop.
For its analysis, Imperva used data from Privacy Clearinhouse (PRC), a nonprofit organization that tracks all publicly disclosed U.S. data breaches in order to raise awareness about consumer privacy issues.
PRC’s data shows that 230 million records were compromised in 2009, while so far this year the toll is 13 million. This suggests a huge 93.7% drop.
While this is clearly good news, it's not an indication that organizations have made significant efforts or improvements to keep data more securely.
In fact, quite the opposite, the number of data breaches reported in 2010, 484, was nearly double compared to last year’s 250.
The reason for the major difference in volume of exposed records is caused by the fact that there have been no “mega breaches” reported so far this year.
One example of a mega breach announced in 2009 involved Heartland Payment Systems, one of the largest payment processors in the United States which serves over 250,000 merchants.
Attackers hacked into the company’s network and intercepted transaction data. In total, the credit card details of 130 million people were compromised.
The company paid over $12 million in damages, fines, settlements with the credit card companies and other expenses related to the breach.
In comparison, the largest data breach this year was reported by the Federal Aviation Administration (FAA) and involved the personal information of 3 million airmen.
Imperva notes that even if the number of records stolen is much lower than in 2009, the value of compromised data has increased in 2010.
“It’s important to note that even with the drop in data breach volume, security teams have not gone on vacation. A recent Gartner report showed an 11 percent increase in security budgets from 2009 to 2010,” the company concludes.