The Identity Theft Resource Center (ITRC) has issued a press release indicating that the number of breach incidents in 2008 already surpass those in all of 2007.

The ITRC had recorded, as of August 22nd, 449 data breaches in 2008. The total number of breaches for 2007, for the entire year, was 446. In both cases, the actual number of breaches are likely higher due to under-reporting and lack of detection. These breach figures speak to incidents, not the number of entities involved in each event or the number of people affected by them.

Linda Foley, founder of ITRC, attributes part of the growth of the breach list to the ability to access Attorney General notification lists in three states, which outline data breaches that don’t always make it to the mainstream media. Linda also believes that more companies are pro-activiely auditing their systems and identifying breaches that were previously undetected.

The current breach list at the ITRC, which reflects more than 22 million compromised records, is also only a partial list of the problem. In more than 40% of breach events, the number of records exposed is not disclosed or known. Although figures of records breached are often more newsworthy, breach events themselves are a more usable statistic for research purposes, ITRC notes.

Of the 449 breaches in 2008, 11% of them have been the result of contractor breaches. That’s an obvious huge area of concern for businesses to identify, and for security policies to step up.

PogoWasRight asks some very pointed questions about the need for a full disclosure law, the role of the federal government in breach situations, and who exactly is responsible to ensure affected individuals in any case are notified of a breach. The same author also talks about the correlation between breach notification, types of breaches, and fraud.

Via emergent chaos ; image ppdigital @morguefile