The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver’s license numbers. A few breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of individuals affected in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.

For tips on what to do if your personal information has been exposed due to a security breach, read our guide.

The catalyst for reporting data breaches to the affected individuals has been the California law that requires notice of security breaches, the first of its kind in the nation, implemented July 2003.
www.privacyrights.org/ar/SecurityBreach.htm
www.privacy.ca.gov/recommendations/secbreach.pdf

This chronology below begins with ChoicePoint’s 2/15/05 announcement of its data breaches because it was a watershed event in terms of disclosure to the affected individuals. Since then, the “best practice” has been to disclose breaches to individuals nationwide — in a sense, adopting California’s notice requirement nationally.

In the meantime, at least 23 states have passed laws requiring that individuals be notified of security breaches. For a list of states enacting security breach and freeze laws, visit the Consumers Union web site here:

Security breach notice laws: www.consumersunion.org/campaigns/Breach_laws_May05.pdf
Security freeze laws: www.consumersunion.org/campaigns/learn_more/002355indiv.html
State security freeze bills pending in 2006: www.consumersunion.org/campaigns//learn_more/002906indiv.html
And visit the PIRG site here: www.pirg.org/consumer/credit/statelaws.htm.

Congress is considering several bills this year in which security breach notices would be mandated nationwide. See http://thomas.loc.gov. See also EPIC’s bill-track list, www.epic.org/privacy/bill_track.html.

Here are other sources for security breach information:

• Adam Shostack’s blog, www.emergentchaos.com/archives/cat_breaches.html
• Attrition, www.attrition.org/errata/dataloss.html (includes links to news articles and offers free list-serve on the latest breaches, http://attrition.org/security/dataloss.html)
• World Privacy Forum, Security Breaches in the Digital Medical Environment (scroll to section D of testimony), www.worldprivacyforum.org/testimony/NCVHStestimony_092005.html
• Security Breach Resources (Chris Walsh)
  www.cwalsh.org/BreachInfo

[…]

A HUGE list of breaches follows. Go to the site to read it!

[…]

TOTAL 83,114,945

[…]

http://www.privacyrights.org/ar/ChronDataBreaches.htm

And there, once again, you have it.

Britain does not have a unique personal identifier like the american ‘Social Security Number’ (SSN). The British are therefore safe from this type of security breach.

If the UK rolls out the ‘National Identiy Register’ (NIR) then every single person living in the UK will have their Identity compromised in the way described by that website. It is not a question of ‘if’ but of when.

Britian should not introduce the NIR. The British are safer from the threat of identity theft if they do not have a single all encompassing number issued to them.

You must under no circumstances enter the NIR should it be introduced. That is the only way you can be sure that your identity will remain safe.

This entry was posted on Sunday, June 4th, 2006 at 11:01 am and is filed under NIR.