The Identity Theft Resource Center (ITRC) has issued a press release with mid-year statistics on U.S. breaches, based on the 250 incidents (pdf) they have recorded this year through June 15.
One of their key findings is that both malicious attacks on databases and incidents involving paper breaches make up a proportionally greater share of breaches than in past years. Malicious attacks, which they define as “insider theft” or hacking incidents, accounted for 36% of the 250 incidents, while incidents involving paper records accounted for more than 25% of the incidents this year.
The lack of encryption is still evident. ITRC reports that only 0.4% of the 250 incidents involved encrypted data or data that were protected by other strong methods. That figure may be an underestimate, however, since some laws specifically provide safe harbor from reporting and notification if data are encrypted. Another 7.2% of the 250 incidents reportedly used password protection, which often seems to be just a basic user login and password. Over 92% of the incidents reported no password or encryption protection at all.
ITRC’s complete press release can be found on their web site.