Actually, the number of secrets as of Dec. 12 is 99,577,201. That is "the number of records containing sensitive personal information involved in security breaches," that is, data such as account numbers, drivers' license numbers and Social Security numbers that people have logged with organizations they trusted to keep them private.
It's a tally kept by the Privacy Rights Clearinghouse, a San Diego-based group that started making this list in February 2005, when ChoicePoint announced its data breach. You can see the list online here.
It's a constantly growing tally -- just this week the University of California at Los Angeles (800,000 records) and the University of Texas at Dallas (5,000 records) added their entries to the list.
Some might argue that data breach laws -- especially California's SB 1386 notification law -- are to blame for this barrage of bad tidings. (Do you see that? It sounds like blaming the messenger at this point, no?) What I wonder is what security practitioners out there make of a growing tally that starts feeling like one of those Times Square "clocks," like the National Debt Clock, with numbers that defy quick reasoning yet means something to everyone. Have you been subject to one of those breach notifications? (I have.) Who hasn't?
So, do you think 2007 will see more of the same? Will the number of secrets breached reach 200 million? Why? Why not?
-- Michael Goldberg
