In the past 14 months, US companies have suffered some of the worst data breaches to ever have been recorded. Tallying up the largest breaches, 348.16 million records (including payment card details, names, addresses, passwords, and email addresses) have been compromised, which is theoretically enough to affect every single US citizen.
- eBay – May 2014 – Hackers accessed 145 million eBay user records by compromising employee login details.
- JPMorgan Chase – June 2014 – Names, addresses, phone numbers, and email addresses of 76 million account holders were compromised.
- Target – November 2013 – 70 million payment cards were compromised during the big rush up to Christmas.
- Home Depot – September 2014 – 56 million payment cards were stolen from the country’s largest home improvement and construction retailer.
- Staples – October 2014 – 1.16 million payment cards are thought to have been affected in Staples’ data breach, which occurred at more than 100 of its stores.
TOTAL = 348.16 million
According to the US Census Bureau, the population of the United States of America is estimated to be 319 million. Therefore, every person in the United States could have been compromised 1.1 times in the past 14 months (mathematically speaking, of course).
Some of the compromised records will have been duplicates, out of date, not sold on, and the retailers may have rounded the figures up (or down!). But let’s assume that at least half of these compromised records are unique records. That’s 174 million people susceptible to fraud and identity theft – enough to fill the Michigan Stadium 1,583 times over.
Protecting PI with ISO27001
Enough number crunching; the reality is that retailers in the US need to take the protection of personal information (PI) a lot more seriously.
Data protection regulations in Europe, for example, are much stricter. Both consumers and organizations are concerned about what happens with their sensitive information, and are less likely to outsource or use third-party vendors to manage their data unless those vendors show some sort of commitment that they take information security seriously. ISO27001, the internationally recognized information security standard, is one of the most requested certifications when companies do business with one another.
In the US, a recent ISO survey revealed that ISO27001 certifications have grown steadily over the past seven years, jumping 36% in 2013.
Alan Calder, the founder and executive chairman of IT Governance, comments on the ISO survey: “The increase in ISO27001 certificates is not surprising. More and more companies have come to realize the benefits of implementing an ISO27001-accredited information security management system, both in terms of improving security and gaining a competitive advantage.”
Depending on your business, what you feel comfortable with, how many resources you have available, and your budget, we’ll be able to help with clear, fixed-price solutions.