Record year for computer insecurity

Known breaches of personal data exposed millions to identity theft

Data breaches disclosed at Marriott International, Ford Motor, ABN Amro Mortgage Group and Sam's Club this month capped what computer experts call the worst year ever for known computer-security breaches.

At least 130 reported breaches exposed more than 55 million Americans to potential ID theft. Security experts warn that wayward personal data, such as Social Security and credit card numbers, could end up in the hands of criminals and feed a growing problem.

An adviser for the Treasury Department's Office of Technical Assistance estimates cybercrime proceeds in 2004 were $105 billion, greater than those of illegal drug sales.

The breaches come at a time when the Department of Homeland Security's research budget for cybersecurity programs was cut 7 percent to $16 million.

ID theft-related bills are stalled in Congress, and data brokers such as ChoicePoint, itself a victim of fraud this year, remain unregulated, "so it is likely that many more serious breaches have gone unreported," said Avivah Litan, a security analyst at Gartner.

Andy Purdy, acting director of the DHS' National Cyber Security Division, said it is working with the private sector and government to build a response system to detect and stop major cyberattacks. "The challenges are significant, but we believe we're making progress," he said.