Top Fraud Incidents of 2008
We could all argue about the top fraud incidents of 2008 but here are my picks for the top five. I’m basing the list on the number of records exposed and the amount of expectation that the entities entrusted with the data would take better care of it.
Bank of New York Mellon and Archive Systems, Inc.
An unencrypted backup tape with 12.5 million customers of the Bank of New York Mellon went missing on Feb. 27, after it was sent to a storage facility. The missing tape contains social security numbers and bank account information on 12.5 million customers. You would think that financial institutions would be more careful.
Hannaford Data Breach
In March, the Maine-based Hannaford Brothers grocery store chain announced that 4.2 million customer card transactions had been compromised by the hackers. This one was more interesting for two reasons. Over 1800 cards were used soon after the breach; we don’t see that often. Even more telling is that Hannaford appears to have been PCI compliant.
Countrywide Home Loans
2.2 million social security numbers and other ‘identity theft’ information stolen by an employee. Financial institutions need to screen employees and be ever-vigilant for signs of internal fraud.
Compass Bank
One million social security numbers stolen when a hard drive is stolen. Another inside job at a financial institution that makes us wonder just how safe out information really is.
GE Money and Iron Mountain
650,000 people were affected by the loss of a backup tape containing customer data of JC Penney and 100 other retailers. At least 150,000 social security numbers were also on the tapes. Here we have a credit card processor and a data security company loosing data. How bad is that!
The total
Those are my picks for the top breaches of 2008. There were more. Lots more. The Open Security Foundation reports 272 data breaches in the U.S. this year totaling 30.9 million records. There were five breaches of over one million records and three of them were at financial institutions.
That’s reason to wonder!
Similar Posts:
- Why Identity Theft is such a problem!
- Anther data breach victim Part 2
- The Last of the Heartland Breach
- Credit Card Data Breach at Heartland Payment Systems
- Even Some Banks are Careless



<>
That's almost 1/8 of the entire US population compromised ...IN ONE YEAR!!!
January 6th, 2009 at 1:32 AMHow long do these guys require to expose the rest of the continent?
They're working on it. According to the Washington Post, the number of breaches is up "nearly 50%" and the number of records is 35.7 million.
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/05/AR2009010503046.html
It all depends on how you spin it. There is the number of breaches and there is the number of records. Remember that in 2007 the TJX breach alone accounted for 94 million records - almost three times the 2008 total. In '05 there was the Card Systems Solutions of 40 million.
The TJX breach was preventable and there is no excuse for it but I hold banks and processors to a higher standard than a retailer. In my mind, the careless loss of a backup tape with 650,000 records is on par with 40 million records stolen in a sophisticated hack.
The payment industry is fining small merchants for PCI compliance violations while banks and processors are loosing backup tapes. What's wrong with that picture!
January 6th, 2009 at 8:01 AM