In 2009, a small number of data leaks exposed more personal information than ever before.G
lance at 2009's data breach statistics, and you might think the IT world had scored a rare win in the endless struggle against cybercrime.
According to the Identity Theft Resource Center, government agencies and businesses reported 435 breaches as of Nov. 17, on track to show a 50% drop from the number of breaches reported in 2008. That would make 2009 the first year that the number of reported data breaches has dropped since 2005, when the ITRC started counting.In Pictures: The Year's Biggest Data DisastersIn Pictures: The Year's Most Notorious CyberbustsIn Pictures: 14 Ways You're Getting Ripped OffIn Pictures: Security Tips For ExecutivesIn Pictures: Five Tips For Protecting Your Online Bank Accounts
But the decrease in data breaches is deceptive. In fact, the number of personal records that were exposed--data like Social Security numbers, medical records and credit card information tied to an individual--that hackers exposed has skyrocketed to 220 million records so far this year, compared with 35 million in 2008. That represents the largest collection of lost data on record. And the majority of 2009's data loss stems from a single source: credit card processing firm Heartland Payment Systems.
The point of access to Heartland's network was hardly unique. Albert Gonzalez, also known by his hacker handle Segvec, along with two Russian co-conspirators who haven't yet been named by authorities, allegedly used an SQL injection to enter a set of commands into a text entry field on a company's Web site that breaks the site's intended function and gains access to the server that it runs on.
From there, the hacker group is accused of planting malicious software that collected and siphoned off credit and debit numbers. Because they targeted a payment processor with access to many clients' financial data rather than a single retailer, Segvec and his partners allegedly pulled away information for as many as 130 million accounts.
Heartland, to be sure, wasn't the only mega-breach this year. Less scrutinized, but still far larger in scope than practically any breach in history, was an incident that occurred at the National Archive and Records Administration (NARA) in October. When a hard drive with the personal information of around 76 million servicemen malfunctioned, NARA sent it back to the IT contractor GMRI for repairs. But by failing to wipe the drive before sending it beyond its premises, NARA ostensibly created the biggest government data breach ever.Text and images: Copyright Forbes.com Any unauthorised reproducton is prohibited. Image: Heartland Payment Systems