Data breaches, often referred to as security breaches, occur when an individual’s
personal information including name, social security number (SSN), email address,
passwords, debit/credit card, nancial account information, medical records, driver’s
license, etc. are compromised and put to unauthorized risk of use, either in paper or
electronic format, for fraudulent purposes including identity theft. Not all data breaches
result in identity theft but many of them do, especially the ones initiated by hackers.
Identity theft occurs when someone who is not authorized to do so uses another
person’s personal information to commit fraud. In the USA, the Federal Trade
Commission (FTC) (Federal Trade Commission, 2012) has tabulated more than 7 million
fraud, identity theft and other complaints from 1997 through 2011and reported them
annually in their Consumer Sentinel Network Data Book. The complaints are collected
directed from consumers and from a variety of law enforcement and other agencies on a
voluntary basis. During 2011, the Data Book included 279,156 identity theft complaints,
which is highly understated, as the FTC estimates that identity theft occurrences exceed
more than 10 million per year in the USA. The discrepancy between actual and reported
identity theft data exists because many victims do not report them to the FTC or law
The Zappo’s company data breach mentioned above is just one example of the
thousands of data breaches that have been identied over the past seven years in the
USA, which does not stand alone, as they have become a plague for individuals and
organizations in every country throughout the world and have been increasing at a
Data breaches are wide spread and have occurred in every type of industry including
nancial, manufacturing, retail/ wholesale, telecommunication/media, hospitality
and professional services as well as other industries including healthcare, government/
military, education, non-prot and others. To gain an understanding of how wide spread
they are, some examples of actual data breaches for selected industries that have
occurred over the past seven years are described as follows. They are taken from the
Privacy Rights Clearinghouse (PRCH) “Chronology of Data Breaches” document.
(Privacy Rights Clearinghouse, 2012).
Business – nance industry
On February 25, 2005, in Charlotte, North Carolina, it was reported that Bank of America
lost computer tapes that included credit card information, Social Security numbers,
account numbers and addresses of 1.2 million customers of whom 900,000 worked for
the Defense Department.
Business – telecommunications/media industry
On May 2, 2005, iron Mountain, a transport company, reported that backup tapes
containing 600,000 records containing personal information for Time Warner’s current
and former employees were lost or stolen during shipping.
On April 26, 2006, a hacker accessed 197,000 records that included names, Social
Security numbers and demographic information of current/prospective students,
alumni, faculty/staff members and corporate recruiters at the University of Texas’s
McCombs School of Business.
trends in the