by Daniel J. Solove
Recently, hackers from China stole 4.5 million records of patients from a hospital chain in Tennessee. Do you think that’s big? As a Bloomberg article notes, however, “they haven’t come close to entering the ranks of the biggest breaches of all time. In fact, they haven’t even cracked the top 10.”
Bloomberg has a terrific infographic about the top 10 largest data breaches in the United States.
Here are some interesting facts I noticed as I reviewed the chart:
- The top 5 all involve more than 100 million personal records.
- 4 of the top 5 happened within the past year and a half — 2013 to the present.
- 6 of the top 10 happened within the past year and a half – 2013 to the present.
- 8 of the top 10 happened within the past 5 years – 2009 to the present.
- Malicious outsiders seem to be the biggest cause. Accidental data loss and physical loss are also big causes. (See the full infographic for info about causes.)
Source: Bloomberg
What lessons can be learned?
- Data breaches are getting bigger, and big data breaches are happening more frequently. The risks, costs, and threats are increasing. It’s time for organizations to seriously rethink the resources they are putting into data security and to adjust upward. Bigger breaches + bigger costs need better resources + better solutions.
- The leading causes of data breaches often involve workforce mistakes. Malicious outsiders often get in because they trick people through phishing and social engineering.
- Organizations are collecting and using data faster than they are able to keep it secure. This is a broad trend I see — just like during the industrial revolution when we rushed to build factories before we could keep them safe and stop them from polluting. I have long believed in the motto: If you can’t protect it, don’t collect it.
- Educate the workforce! Train them once, train them twice, train them thrice. Repeat, repeat, repeat. Make them care. October is National Cyber Security Awareness Month. This is a great opportunity to raise data security awareness.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 800,000 followers.