Personal data breaches this year surpass 2007 total -- and 2008 is far from over

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

The number of U.S. breaches of personal information that could be used in identity fraud so far this year has already passed the total for 2007.

The nonprofit Identity Theft Resource Center, which compiles a list of incidents from media reports, privacy websites and official outlets, said this year’s running total passed the 2007 mark of 446 on Friday, with more than four months to go.

Lucky No. 447 was Alaska Airlines. The center’s co-founder, Linda Foley, said an airline insider had been accused of misusing payment card data supplied by customers. The matter came to light in a letter from the airline to the New Hampshire attorney general.

Of course, the real number of breaches is much higher. Many go unreported, and the ITRC counts only once some breaches that hit multiple sets of people.

For example, the May theft of computer equipment containing under-protected sensitive data from Colt Express Outsourcing Services Inc. counts as one breach. But letters sent to employees of various Colt clients, and to officials in states requiring notification when residents could be affected, reveal that workers at 20 employers have data at risk.

Among the companies whose staffers have been exposed by the Colt break-in in Walnut Creek, Calif.: Google, Bebe Stores, Alston & Bird, and the California Bankers Assn.

Attempts to reach Colt on Friday were unsuccessful, and the company’s website is nearly empty.

‘They disappeared off the face of the earth,’ Foley said. ‘I think I would too.’

-- Joseph Menn

Photo illustration by Mikey G. Ottawa via Flickr