Shostack + Friends Blog Archive


Reporting on Data Breaches: US and Great Britain

Is the recent wave of reporting on British data breaches similar to what we’ve been seeing in the US? A couple of things seem true: the US has way more reported breaches per capita, but both locations have seen greatly accelerated reporting.
Here’s a plot of all US (Country = ‘US’) and British (Country = ‘GB’) breaches in Attrition’s DLDOS, as of March 13, 2008.
The incident count has been normalized by dividing each series by the total number of incidents in that series. The US had 840 reported incidents, Great Britain had 33.


What does this mean? I’m not sure…
Update: Added vertical lines to the graphic, in response to Lyger’s comment. The left one is ChoicePoint, 2/15/05. The right one is HMRC, 11/20/2007.

4 comments on "Reporting on Data Breaches: US and Great Britain"

  • Adam says:

    I think it means breach disclosure is way up. What happens if you don’t normalize?

  • Lyger says:

    We’ve seen more reports from the UK in the last few months, especially since the HMRC disclosure of 25 million in November 2007. Perhaps the HMRC event was the UK equivalent of the February 2005 ChoicePoint event that “broke open the dam”, so to speak, like some of the latest fashion statements seem to start on the US coasts and find their way to the Midwest many months later (perhaps a bad analogy, best one I can think of at the moment)…

  • Chris says:

    ChoicePoint clearly set things rolling here, but HMRC is well along. From the graph, if there was a catalyst in the UK, it was in late 2005 or early 2006. Perplexing…just like fashion trends!

  • Adam says:

    Could you add indicators of when CPS and HMRC happened?
