Payment card data theft jumps five-fold

SEATTLE - Well north of 740 million records were exposed in 2013, making it the worst year in terms of data breaches recorded.

That's a very conservative number derived by analyzing approximately 500 breaches listed on the Privacy Rights Clearinghouse Chronology Data Base, according to the Online Trust Alliance.

That list is comprised of publicly disclosed data breaches and includes the 40 million records Target disclosed losing on Dec. 13. Target's official estimate is now up to 110 million. And many of the breach cases listed for 2013 show an unknown or undisclosed number of records taken. So 740 million is a low number.

CyberTruth video: Retailers mum about data breaches.

Even so, the Clearinghouse's tally shows a five-fold Increase in credit card and social security numbers lost, year over year. But here's the real kicker: the OTA has determined that fully 89 percent of breaches were avoidable if basic security controls and best practices been enforced.

"Consumers and businesses are both victims of rapidly escalating hacking attacks, and as stewards of consumer data it's incumbent on businesses to adopt best practices to help protect consumers from harm," says Craig Spiezle, executive director and president of the Online Trust Alliance. "Companies that fail to do so need to be held accountable."

The OTA -- – a trade organization whose mission is to empower users while promoting Internet innovation and vitality -- supplies a valuable resource designed to help businesses adapt best practices for cybersecurity and privacy: the 2014 Data Protection & Breach Readiness Guide.

"Businesses and organizations have a responsibility to protect consumer privacy and prevent data breaches from aggressive cyber thieves," says Washington State Attorney General Bob Ferguson. "Consumers deserve to know who they can trust. The Online Trust Alliance arms organizations with critical information to reduce cyber risk and protect consumers."

Next Tuesday, Jan. 28 is Data Privacy Day. The OTA is hosting town hall forums and workshops led by cybersecurity, government and privacy luminaries in New York, San Francisco and Seattle. There is no shortage of recent examples of poor data protection practices: Target, Neiman Marcus and Adobe a few recent examples.

"With all the talk of big data, what matters most is the little data - the personal information of all the consumers who trust that we will do whatever it takes to protect the personal data they entrust to our care. Once again OTA is leading the charge, providing businesses with practical and actionable advice to help protect consumers", Neal O'Farrell, executive director, Identity Theft Council.

The general thrust of OTA's guide holds that best practices can only be achieved when companies are no longer complacent with meeting minimum compliance standards for data protection.

What's really needed is a "comprehensive data stewardship strategy" that safeguards data across its entire lifecycle, from collection to deletion, Spiezle says.

Businesses, he says, must be able to quickly assess the nature and scope of an incident, contain it, mitigate the damage and notify all interested parties, including law enforcement and affected customers.