[Dataloss] The High Cost Of Data Loss

sawaba sawaba at forced.attrition.org
Tue Mar 21 23:32:10 EST 2006


Of course, it is all subjective, depending on how you define "data loss". 
Based on the Attrition data, you have to pull a top 20 to get their top 
ten, which equals 10 omissions that are as bad or worse than ones in their 
top ten.

Here are the top 20 based on Attrition data:
'CardSystems(Visa,MC,AMEX)', 40000000, '2005-06-19'
'AmericaOnline', 30000000, '2004-06-24'
'MedicaHealthPlans', 12000000, '2005-06-29'
'DataProcessorsInternational', 5000000, '2003-03-06'
'Citigroup', 3900000, '2005-06-06'
'LaSalleBank', 2000000, '2005-12-21'
'DSWShoes', 1496000, '2005-06-30'
'BankofAmerica', 1000000, '2005-02-26'
'BankofAmerica/Wachovia', 676000, '2005-05-23'
'TimeWarnerInc.', 600000, '2005-07-06'
'PetCo', 500000, '2003-07-12'
'GeorgiaTechnologyAuthority', 465000, '2005-05-14'
'ProvidenceHomeServices', 365000, '2006-01-26'
'U.S.DepartmentofAgriculture', 350000, '2006-02-16'
'Lexis-Nexis', 310000, '2005-04-12'
'RBCDainRauscher', 300000, '2005-09-28'
'UniversityofSouthernCailfornia', 270000, '2005-07-09'
'BostonGlobe/WorchesterT&G', 240000, '2006-01-31'
'AmeripriseFinancial', 226000, '2006-01-25'
'MarriottInternational', 206000, '2005-12-28'

Again, addressing the definition of "data loss", you'll notice AOL is #2, 
which was due to email address theft, which is not nearly as damaging as 
credit card or identity theft.

So, if you rule out any data losses other than SSNs and credit card 
numbers, our list begins to look more similar:
'CardSystems(Visa,MC,AMEX)', 40000000, '2005-06-19'
'DataProcessorsInternational', 5000000, '2003-03-06'
'Citigroup', 3900000, '2005-06-06'
'LaSalleBank', 2000000, '2005-12-21'
'DSWShoes', 1496000, '2005-06-30'
'BankofAmerica', 1000000, '2005-02-26'
'TimeWarnerInc.', 600000, '2005-07-06'
'PetCo', 500000, '2003-07-12'
'GeorgiaTechnologyAuthority', 465000, '2005-05-14'
'U.S.DepartmentofAgriculture', 350000, '2006-02-16'
'Lexis-Nexis', 310000, '2005-04-12'
'UniversityofSouthernCailfornia', 270000, '2005-07-09'
'BostonGlobe/WorchesterT&G', 240000, '2006-01-31'
'AmeripriseFinancial', 226000, '2006-01-25'
'MarriottInternational', 206000, '2005-12-28'

--Sawaba

>
> On 3/21/06, lyger <lyger at attrition.org> wrote:
>
> (I find the "Top 10 Customer Data-Loss Incidents" chart to be of special
> interest due to possible omissions.  Comments? - Lyger)
>
> http://www.informationweek.com/story/showArticle.jhtml?articleID=183700367
>
> How many ways are there to expose sensitive personal data? One company
> misplaces a backup tape; another puts customers' Social Security numbers
> onto mailing labels for anyone to see. Others lose laptops, inadvertently
> post private information online, or leave documents exposed to prying
> eyes. The possibilities are endless-- as we're learning with every new
> revelation of a data breach or hack or inexcusable lapse in secure
> business practices. By one estimate, 53 million people--including
> consumers, employees, students, and patients--have had data about
> themselves exposed over the past 13 months.
>
> This sorry state of affairs is taking its toll: fines, lawsuits, firings,
> damaged reputations, spooked customers, credit card fraud, a regulatory
> crackdown, and the expense of fixing what's broken. The situation has
> become untenable. Here's the ugly truth about how it keeps happening,
> who's been affected, and what's being done about it.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/errata/dataloss/
>
>
>


More information about the Dataloss mailing list