Data Breaches | News

Data Breach Madness Declares 2011 Winner

• By Dian Schaffhauser
• 03/14/12

"Bracket madness" has hit the institutional hallways of numerous colleges and universities across the country, as fans await the outcome of 126 separate basketball games to determine the men and women's champion teams in the NCAA tournament. For many, the activity will dominate sports news throughout March.

But a security company that monitors data breaches is using the occasion to come up with its own set of brackets--this one to proclaim the winner of "Data Breach Madness." In this contest, the participants may not be so proud. They've made it into the competition by having more data breaches during 2011 than any other institutions.

TeamSHATTER, the research arm of Application Security, has put together a graphical version of reported data breaches for the year that have hit American institutions.

Who takes first place for 2011? The unwanted distinction goes to Virginia Commonwealth University, which reported a breach of 176,567 records on November 11. Other top contenders for the title include the University of Wisconsin Milwaukee (79,000), Yale University (43,000), and the University of South Carolina (31,000).

If the estimated cost by the Ponemon Institute in its March 2011 study, "U.S. Cost of a Data Breach" is on target, those institutions spent about $112 per record to mitigate the damage caused by its breach. Based on that tally, the Virginia Commonwealth has spent nearly $20 million in mop-up efforts related to the security problem.

There is one note of good news. For 2011, the company tallied a dramatic decrease in the total number of reported records affected (478,490), as well as institutions (48) that reported breaches.

However, just two months into 2012, the year has already seen painful security incidents. Arizona State University reported a breach of 300,000 records in January. City College of San Francisco, University of North Carolina Charlotte, and Central Connecticut State University have also entered the running with breaches of their own.

"While it is encouraging to see the both number of reported higher education breaches and records breached significantly down from 2011, security and operations personnel should not relax their data security efforts," said Alex Rothacker, director of security research at TeamSHATTER. "In 2012 we have already seen some sizable breaches reported, and while exact data on the number of records compromised is not official, we estimate that this year's total has already exceeded that of 2011."