With 2009 (thankfully) behind us, we should take a minute to look back before moving on. As most people recognize and accept, history tends to repeat itself and 2009 is a great year to learn from others’ mistakes and missteps.
Computerworld created a "2009 data breach hall of shame" recently that is an excellent read if you would like an overview of the most notorious data breaches of 2009. None of us should lose sight of the thousands (if not tens of thousands) of smaller and unreported data breaches that occur every year.
I will not restate the work done by Computerworld, but I do believe that the RockYou breach is the most egregious. Assuming all of the facts as reported in various media outlets are true, the idiotic (ignorant is just not the right word) storage of passwords in plain text (rather than in an encrypted form) highlights just how far companies have yet to go to understand even the most basic principles of data protection.
Let’s all hope for a safer, more compliant year in 2010, if for no other reason than so that our own personal information is not released into the wilds. Happy new year.