subject: Rising Number Of Information Security Breaches In U.s. Authorities Consider Mandatory Reporting [print this page] Recently, identity theft center revealed 662 instances of data breach in U.S over the last year. However, there are no accurate figures on the number of records breached. Data breach may be caused by hacking, human error, phishing, employee theft and other forms of malicious attacks. Data breach results in disclosure of sensitive personal, financial and business information. The information may include names, addresses, social security numbers, protected health information (PHI), credit card number, bank account details, company strategies and confidential reports. Offenders may use the collected information for identity theft or to steal money. Offenders may also sell the information to their underground peers or to the competitors of an organization. Majority of the reported breaches were related to disclosure of social security numbers and, credit and debit card details. Therefore, individuals and organizations must place high emphasis on information security.
However, several data breaches go unreported. Negligence, lack of awareness on the consequences of data breach and reluctance to initiate legal action are some of the reasons that prevent affected individuals from reporting data breach incidents. In some cases, data breach reports by public authorities and organization do not contain specific details on the type of data breach, number of records compromised and number of individuals affected. Only 51% of the data reported breaches indicated the number of records compromised. Proper reporting of data breach is crucial to understand the threat pattern, severity of threats, consequences of the data breach and mitigating measures required.
Organizations must educate their employees on safe computing practices to avoid data disclosure and theft. Regular vulnerability assessment tests and use of ethical hacking may aid the organization in understanding the threats and initiating counteractive measures.
Information security professionalssuggest mandatory reporting to ensure availability of all details related to data breaches. Mandatory reporting may facilitate creation of a centralized and publicly available database. Availability of proper data may help the law enforcement authorities to devise mechanisms to control data breach and related crime. Such facility will also help the general public to understand the prevalent threats and precautions to be followed to avoid being victims of data breach.
