Shostack + Friends Blog Archive


15-30 dataloss incidents daily, sez top Fed cyber-beancounter

The Office of Management and Budget issued a memo in July 2006 requiring agencies to report security incidents that expose personally identifiable information to the U.S. Computer Emergency Readiness Team within one hour of the incident. By June 2007, 40 agencies reported almost 4,000 incidents, an average of about 14 per day. As of this week, the average had increased to 30 a day, said Karen Evans, administrator of the Office of Electronic Government and Information Technology at OMB.

5 comments on "15-30 dataloss incidents daily, sez top Fed cyber-beancounter"

  • Adam says:

    Just for context, how many breaches does Attrition or Pogo cover on an average day?

  • Chris says:

    278 records in DLDOS in 2007, by my reckoning. We’re 304 days into the year (might be off by one there). So, the answer is “about .9” per day.

  • Adam says:

    So the DLDOS is getting incidents at about 1/24th the rate of CERT? hmmm.

  • Chris says:

    That would be correct.

  • Dissent says:

    I don’t keep count on my site, but looking at the week roundups, it looks like I generally post an average of two new reports per day, some of which may be non-U.S. ITRC has been using Pogo as a primary source this year for their analyses, and they show 342 as of October 29th, so they’re running slightly more than 1 per day, but still a far cry from the number of actual and reported exposures.

Comments are closed.