I could have done this the simple way by just passing you the URL to the blog post at CSO showing the original stuff. But since this is both important and interesting reading, I decided to write my own blog post.

The Identity Theft Resource Center (ITRC) is a non-profit organization in the US designed to provide free suggestions to consumers about what they can do about identity theft. According to Wikipedia it was founded in December 1999 in San Diego, California. They have been tracking security breaches since 2005, looking for patterns, new trends and any information that may better help them protect data and assist companies in their activities. They publish an interesting data breach list defined this way:

“The ITRC breach list is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. This list is updated daily, and published each Tuesday. To qualify, breaches must include personal identifying information that could lead to identity theft, especially the loss of Social Security numbers. ITRC follows U.S. Federal guidelines about what combination of personal information comprise a unique individual, and the exposure of which will constitute a data breach.”

According to ITRC a data breach is defined as “an event in which an individual name plus social security number, driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format”.

There are currently two breach reports that are updated and posted on-line on a weekly basis. The ITRC Breach Report presents individual information about data exposure events and running totals for a specific year. The ITRC Breach Stats Report develops some statistics based upon the type of entity involved in the data exposure. Data breaches are not all alike, and can be broken down into a number of categories. What they all have in common is that they usually contain personal identifying information in a format easily read by thieves, i.e. not encrypted.

Based on these reports CSO has made a nice slideshow presenting the top 15 worst by mid-June this year. The number is actually higher since my blog post is written a month later, and you’ll find updated reports for 2012 here at ITRC. Just click on the picture above to open a new browser window to watch the slideshow.

Hopefully this blog post has given you some more knowledge about ITRC and the important work with identity theft, data breaches and publishing information about this theme. On thing is for sure, the number of data breaches and identity thefts will increase in the future. You or your company can be the next victim.

Let me finish by saying that my company are developing Ensafer for encrypting sensitive information on the Internet, so I have a passion for this area.

BTW: If you want to read about the 15 worst Internet privacy scandals of all time, you’ll find it here posted by Networkworld.