Chris Skinner pointed me to Verizon's staggering
report that there were 285 million records stolen in 2008. 91% of those data breaches were committed by organised criminal groups. It also suggests that PIN algorithms have been defeated.
The number of records stolen in 2008 was more than the previous four years in total.
At Christmas I pointed out that SSL had been cracked, and that pretty well everything else is cactus.
2008 saw a record number of failed security products. Almost everything failed or was defeated.
It seems we aren't getting any better at securing our data. The only hope of there not being a similar trend next year is that possibly all existing records will have been already stolen by the end of this year.
I'd suggest a new approach is in order. Pehaps mine?
One last thing, 75% of losses were from retail and the financial services industry, as if you didn't know, that's really >75% as a result of financial transactions. ~20% of breach victims were PCI compliant, so that doesn't bode well for compliance as a