Personal details of 280 million people lost in last three years, says KPMG

KPMG's first Data Loss Barometer shows that 280m people worldwide have lost personal details over...

KPMG's first Data Loss Barometer shows that 280m people worldwide have lost personal details over the last three years, with almost a fifth (19%) of data loss incidents linked to government organisations.

The consultant said that overall, 25% of data losses were through PC thefts.

KPMG said the problem of data losses from public organisations and businesses is increasing, judging by the number of incidents and their significance each year.

The barometer anticipates there will be over 400 breaches in 2008, as businesses become more reliant on technology, and despite consumers' growing awareness of the issue surrounding identity fraud and the threat to their personal information.

The first KPMG Data Loss Barometer tracked and analysed publicly disclosed data loss incidents worldwide between 2005 and June 2008. It found:

  • 1,034 incidents reported
  • 280m people have lost personal details over the last three years
  • All sectors affected: but 19 per cent are government organisations
  • 25 per cent of incidents through PC theft
  • 50 per cent of cases come from internal sources
  • 46 per cent of lost data had no protection

Malcolm Marshall, a KPMG partner, said, "Incidents of data loss pose a serious threat to organisations of all sizes and across every business sector. The impact on brand reputation is high and customer trust can be seriously damaged.

"Finding possible leakages and ensuring that internal procedures are in place with clear definitions will reduce companies' risk of becoming a victim of data loss. Policies and controls should be continually reviewed due to changes in technologies, processes and personnel."

The barometer found that the most vulnerable sectors were education and healthcare, where the number of personal records, "the culture of these establishments", and restricted security budgets left them particularly open to loss.

Government organisations saw 19% of incidents, while 14% of losses were in financial services, where often financial data will have the most immediate value for organised criminals.

Between 2007 and 2008, the barometer reveals that the details of 139m people were wrongly disclosed.

The research is based on publicly disclosed data loss incidents recorded by the likes of the Open Security Foundation, the Identity Theft Centre and the Information Commissioner's Office.

Hackney NHS trust encrypts IT equipment following loss of child data >>

When IT meets politics blog >;>;

Read more on Hackers and cybercrime prevention