Data Breach Count Reaches All-Time High, Includes New Facebook, H&R Block Breaches
Written by Evan SchumanThe number of reported data breaches has been soaring, with the figure from the first six months of 2008 some 69 percent higher than the number from the identical period last year. Among those were little-known recent breaches of Facebook, H&R Block and BearingPoint.
The report from the non-profit San Diego-based Identity Theft Resource Center lists 342 data breaches since Jan. 1, 2008. Of those 342 breaches, about 12 percent were cyber thieves, 16 percent were insider theft, 15.2 percent were accidental exposure and 13.5 percent were subcontractor issues. Also, about 20 percent of the data breaches involved data "on the move," referring to laptops, thumb drives or PDAs.
The Identity Theft Resource Center "data breach count has reached an all-time high," the report said. "The actual number of breaches is more than likely higher, due to underreporting, and the fact that some of the breaches reported, which affect multiple businesses, are listed as a single event."
Among those breaches were:
When Facebook was installing a new software update in May, a code glitch displayed on the site the driver’s license numbers of two members, according to a letter from Facebook to those users.
The two Maryland members who were affected had previously provided their driver’s license numbers as a form of authentication. A code glitch on May 2 caused an image of that number to be shown on Facebook for two hours, the letter said.
"Once it was discovered, Facebook immediately fixed the software glitch," reads the letter. "In addition, Facebook has relocated the image of the driver’s license to a separate, secure database to ensure that such information is not inadvertently displayed in the future."
A software application error with H&R Block’s Web site in April permitted users to read other users’ online conversations with their tax counselor, said a letter from the financial advising company to the affected users.
H&R Block said that for a user to have viewed this information, they "would have had to perform a series of particular and unlikely steps within the online program."
"In order for this error to occur, the message board user had to fit a specific user profile and would have had to perform a series of particular steps within the online program," said a letter from H&R Block corporate counsel Catherine J. Watson to the Maryland Attorney General’s Office. In a letter to consumers, the company further said such steps were "unlikely."
The consumer letter said users may have been able to see such information as names, social security numbers, credit-card numbers, driver’s license numbers or financial numbers of other users. H&R Block offered those whose information may have been breached free identity monitoring for a year.
A burglar broke into the home of a BearingPoint employee last May, swiping a company-issued laptop that contained the names and Social Security numbers of six independent BearingPoint contractors, according to a letter sent to those contractors.
The stolen laptop did not have any financial information about the contractors and the personal information on it requires two passwords and two forms of authentication to be accessed, the letter said. BearingPoint offered those contractors a free year of credit monitoring.
"We have no reason to believe that the information stored on the stolen laptop was the target of the burglary or that the information has been misused," the letter said.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
