According to a recent report in USA Today (available here), criminal attempts to use the internet to steal personal data – including credit card numbers, account user names, passwords, and Social Security numbers – have increased since the financial crisis began last fall, and could continue to accelerate if laid-off IT personnel turn to cybercrime to replace lost income. The report states that cybercrime schemes were already on the rise when the financial crisis began, but that they increased sharply as criminals sought to take advantage of the fear and confusion generated by the crisis. According to one database security firm, of 179 organizations audited by the firm, 56% had suffered at least one data breach in the past twelve months.
Organizations working to protect personal data of employees or clients in response to the recent rash of cybercrime will have new incentive to do so in the coming months, because on May 1, 2009, new Massachusetts regulations regarding the protection of personal data will go into effect. These regulations have significant extra-territorial implications as they will apply to any entity that owns, licenses, stores or maintains “personal information” about a resident of Massachusetts, regardless of where that entity is itself located.