Knowledge is key to mitigating damage in the event of a data breach, yet there is little transparency in the reporting of most incidents, according to research from the Identity Theft Resource Center (ITRC). Critical information relating to breaches was missing in nearly two-thirds of the notifications.
Of 213 publicly disclosed data breaches from the first half of 2012, 63 percent lacked details on what information was stolen, who was responsible or how the breach occurred. This percentage doubled from the same time period of 2011.
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events," the ITRC report read. "The public has no way of knowing just how minor or serious the data exposure was for any given incident."
Other concerns about the timeliness of reporting highlight recent attempts to enact new data breach notification legislation in the United States. Under existing laws, compromised organizations would be forced to report within 60 days, but the newest legislation fails to even specify such a requirement.
However, given the nature of many breaches carried out by hackers, even a 60-day time frame may not be quick enough, according to CSO Online. Many breaches may not even be discovered after 60 days, and the attackers will often already have exploited much of the data in that time.