And remember, these are just the breaches we know about. In some states, government agencies are not legally required to publicly report data breaches, or to notify potential victims that their personal information has been exposed. To take one little-known example, local governments in California are exempted from that state's breach notification law -- "a big exception, in my opinion," as Clearinghouse founder and director Beth Givens told us, since local governments "compile a great deal of personal information." Furthermore, out of 268 breach incidents reported since 2009, the 67 of the public agencies responsible (and I use that term loosely) couldn't even figure out how many records were lost. That fact alone will tell anyone with basic math skills and a lick of common sense that this epidemic is much worse than we know.
What's even more astonishing than the total number of personal records breached is how the databases were compromised in the first place. Despite what news reports, urban legend, and simple logic might lead you to believe, sophisticated, premeditated attacks by hackers accounted for only 40 breaches since 2009, a mere 15 percent of the total.
