Reported data breaches in the US during 2008 were up 47% on the previous year, to 656, of which 78 affected financial institutions, according to a study from the Identity Theft Resource Center (ITRC).

Financial services accounted for 78 breaches, which is 11.9% of the total.  Whereas last  year, Financial services accounted for 7% of the total in 2007 it's 11.9% total this year represents a 70% bigger piece of the pie than they had last year.

According to Finextra, ...

"The ITRC says at least 35.7 million records were potentially breached but the true figure is likely to be far higher because 41.9% of cases went unreported or undisclosed.

Financial services accounted for over 18.1 million compromised records, 52.5% of the total.

This is largely down to the biggest single breach last year, which saw BNY Mellon Shareowner Services losing around 12.5 million records - including social security numbers, names and addresses - when a box containing unencrypted customer data tapes went missing in transit in February.

In addition, RBS WorldPay was hit by a breach affecting 1.5 million records and Countrywide had two million compromised last year.

Most of the financial sector breaches were the result of hacking, followed by insider theft. Of all breaches across all sectors, 3.5% are attributable to hacking at financial firms, 2.4% to insider theft, 1.7% to data on the move, 0.8% to accidental exposure and 0.8% to subcontractors.

Electronic breaches account for 82.3% of the total, compared to 17.7% for paper. Despite this, just 2.4% of all breaches had encryption or other strong security methods in use and only 8.5% even had password protection." - Finextra

For those interested, I have included links to the following 2008 Year End Reports from the ITRC website:

• ITRC Breach Report 2008 Final
• ITRC Breach Stats Report 2008 Final
• Known vs Unknown
• Paper vs Electronic Summary
• Paper vs Electronic w Category Summary
• Accidental Exposure
• Data on the Move
• Hacking
• Insider Theft
• Subcontractor