US 2005 WORST YEAR FOR BREACHES OF COMPUTER SECURITYUSATODAY.com - 2005 worst year for breaches of computer security2005 worst year for breaches of computer security
By Jon Swartz, USA TODAY
SAN FRANCISCO ? Data breaches disclosed at Marriott International, Ford Motor, ABN Amro Mortgage Group and Sam's Club this month capped what computer experts call the worst year ever for known computer-security breaches.
At least 130 reported breaches have exposed more than 55 million Americans to potential ID theft this year. Security experts warn that wayward personal data, such as Social Security and credit card numbers, could end up in the hands of criminals and feed a growing problem.

An adviser for the Treasury Department's Office of Technical Assistance estimates cybercrime proceeds in 2004 were $105 billion, greater than those of illegal drug sales.

The breaches come at a time when the Department of Homeland Security's research budget for cybersecurity programs was cut 7%, to $16 million, for 2005. ID theft-related bills are stalled in Congress, and data brokers such as ChoicePoint, itself a victim of fraud this year, remain unregulated, "so it is likely that many more serious breaches have gone unreported," says Avivah Litan, a security analyst at Gartner.

As a result, the Bush administration has drawn the ire of the Cyber Security Industry Alliance, which represents high-tech heavyweights Symantec, McAfee and RSA Security.

"Attacks are taking place every day," says Paul Kurtz, a former Bush administration cybersecurity official who is executive director of CSIA.

Andy Purdy, acting director of the DHS' National Cyber Security Division, says it is working with the private sector and government to build a response system to detect and stop major cyberattacks, among other initiatives. "The challenges are significant, but we believe we're making progress," he says.

On Wednesday, the time-share unit of Marriott said it is notifying 206,000 employees and customers that their personal data, including Social Security numbers and credit card numbers, are missing after backup computer tapes disappeared from an Orlando office.

Last week, Ford Motor told 70,000 current and former employees that a computer with data, including Social Security numbers, was stolen from a company facility.

On Dec. 16, ABN Amro Mortgage Group said a tape containing data for about 2 million customers was lost as it was being transported. The tape was subsequently found. Two weeks before that, Wal-Mart division Sam's Club said at least 600 credit card holders who purchased gas at its fuel stations might have been affected by fraud. The companies say they are investigating.

It is difficult to measure the actual number of break-ins, since many companies are unaware they were hacked. But security experts say there is little doubt there are more digital attacks than ever.

The onslaught is likely to continue unless corporations reallocate security spending to better identify and block online threats, says Abe Kleinfeld, CEO of computer-security firm nCircle.