Regarding that exposure of records at the Office of Personnel Management, the agency reported that it has paid privately held Identity Theft Guard Solutions $133 million to provide identity protection services to individuals whose records were stolen.
According to Brian Krebs at Krebs on Security, that sum is not particularly money well spent:
[I]n all likelihood [the $133 million] will do little to prevent identity thieves from hijacking the names, good credit and good faith of breach victims. … The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name. Where these services do excel is in helping with the time-consuming and expensive process of cleaning up your credit report with the major credit reporting agencies. … The only step that will reliably block identity thieves from accessing your credit file — and therefore applying for new loans, credit cards and otherwise ruining your good name — is freezing your credit file with the major credit bureaus.
Here is a rundown of the ITRC report for last week:
- The business sector accounts for about 916,000 exposed records in 212 incidents so far in 2015. That represents 39.8% of the incidents, but just 0.7% of the exposed records.
- The medical/health care sector posted the second-largest percentage of the total breaches so far this year, 34.7% (185) out of the total of 533. The number of records exposed in these breaches totaled 109.7 million, or 78.4% of the total so far in 2015.
- The number of banking/credit/financial breaches totals 51 for the year to date, up from 47 last week, and involves almost 412,000 records, some 9.6% of the total number of breaches and 0.3% of the records exposed.
- The government/military sector has suffered 40 data breaches so far this year, unchanged from the prior week, and just 7.7% of the total, but slightly more than 20% of the total number of records exposed. Nearly 110 million records have been compromised in the government/military sector so far in 2015.
- The educational sector has seen 45 data breaches in 2015, also unchanged from the prior week. The sector accounts for 8.4% of all breaches for the year and more than 740,000 exposed records, about 0.5% of the total so far in 2015.
In all of 2014, ITRC tracked an annual record number of 783 data breaches, up 27.5% year over year compared with 2013. The previous high was 662 breaches in 2010. Since beginning to track data breaches in 2005, ITRC had counted 5,562 breaches through September 1, 2015, involving more than 818 million records. Compared with 2014, the number of data breaches is exactly equal (533) to date in 2015.