“We're having upwards of a billion records leaked a year," said Patrick Kelley, CEO of Critical Path Security. “We can pretty much ascertain that every person that has ever been on the internet or created an account on the internet likely has been rolled into a data breach.”
Kelley said tracking down the source of those breaches can be nearly impossible.
“Even though we have state laws that say that we should be disclosing, we haven't really tested those in courts and the companies know that," Kelley said.
"Fewer than four out of five actually report that they've had a breach. They will create some pretty interesting ways to make sure that they don't have to disclose, such as telling companies like us that we are not to give them a final report, we're to provide it to the attorneys because there is attorney client privilege.”