Data breach

FISMA
Under the Federal Information Security Management Act of 2002, data breach means "the loss, theft, or other unauthorized access, other than those incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data."

General
The term data breach is generally and broadly defined to include "an organization’s unauthorized or unintentional exposure, disclosure, or loss of sensitive personal information, which can include personally identifiable information such as Social Security numbers, or financial information such as credit card numbers."

Specific instances of data breaches
Numerous data breaches and computer intrusions have been disclosed by the nation’s largest data brokers, retailers, educational institutions, government agencies, health care entities, financial institutions, and Internet businesses. The Privacy Rights Clearinghouse chronicles and reports that over 251 million records containing sensitive personal information were involved in security breaches in the United States since January 2005. From February 2005 to December 2006, 100 million personal records were reportedly lost or exposed. In 2006 the personal data of 26.5 million veterans was breached when a VA employee’s hard drive was stolen from his home. In 2007 the retailer TJX Companies revealed that 46.2 million credit and debit cards may have been compromised during the breach of its computer network by unauthorized individuals. In 2008 the Hannaford supermarket chain revealed that approximately 4 million debit and credit card numbers were compromised when Hannaford’s computer systems were illegally accessed while the cards were being authorized for purchase. There were 1,800 reported cases of fraud connected to the computer intrusion.

Data breaches involving sensitive personal information may result in identity theft and financial crimes (e.g., credit card fraud, phone or utilities fraud, bank fraud, mortgage fraud, employment-related fraud, government documents or benefits fraud, loan fraud, and health-care fraud).

Responses and remedies
These public disclosures have heightened interest in the security of sensitive personal information; security of computer systems; applicability of federal laws to the protection of sensitive personal information; adequacy of enforcement tools available to law enforcement officials and federal regulators; business and regulation of data brokers; liability of retailers, credit card issuers, payment processors, banks, and furnishers of credit reports for costs arising from data breaches; remedies available to individuals whose personal information was accessed without authorization; prosecution of identity theft crimes related to data breaches; and criminal liability of persons responsible for unauthorized access to computer systems.