According to the Privacy Rights Clearinghouse and ITRC:

  • As of Jan. 21, 2009, over 251 million data records of U.S. residents have been exposed due to security breaches since Jan. 05. Further more, as of July 2008, according to the U.S. census; there were only 303 million people in the U.S.
  • In 2008, there were 356 data breaches, up 47% from 2007 in which there were 446.
  • The 356 data breaches in 2008 accounted for 35,698,000 lost records
According to the IdentityTheft Resource Center 2008 Data Breach Report:

  • There were 656 reported data breaches in 2008, up 47% from 446 in 2007.
  • Only 2.4% of all data breaches were using some form of data encryption.
  • Only 8.5% of reported breaches used password protection.
According to a Ponemon Institute Study, commissioned by Compuware:

  • Found that 80% of organizations in the U.S. have suffered at least one data breach in 2008
  • 43% said they experience at least two or more data breaches during the last two years.
  • 77% agree that notifying victims rapidly is important while only 20% actually contacted victims within a few days of discovering the breach.
  • 75% of the data breaches were caused by negligent insiders.
  • 42% by outsourced data help
  • 26% by malicious insiders
  • 65% of Data Breach costs are the result of lost business.
According to a Ponemon Institute Study, Cost of a Data Breach:

  • In 2008, A Data Breach cost a company an average of $202 per lost record as opposed to $197 in 2007
  • The average cost of a data breach in 2008 is $6.6 million, up 2.5% from 2007.
According to a Ponemon Institute Study, commissioned by Absolute Software:

  • Found that 56% of U.S. business managers disable laptop encryption, increasing risk of data and identity theft.
  • 92% of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71% report that it resulted in a data breach.
According to a 2007 Research Report compiled by Javelin:

  • Over half of all consumers report that they view companies who have taken the time to notify them of a data security breach more favorably.
  • 84% of consumers say they are more likely to shop at merchants who are viewed as data security leaders.
  • 63% of consumers perceive merchants and retailers as being the least secure in protecting their account information.
  • 85% of consumers say it is important for credit issuers to disclose the identity of the organization which experienced the data breach.
  • Over two thirds of consumers believe it is the responsibility of the breached company or credit issuer to inform them that a data breach has occurred.
  • As of June 2008 44 states have enacted data breach disclosure laws.