The Identity Theft Resource Center (ITRC) monitors five groups for data breaches annually. It found that the financial, banking, and credit industries have remained the most proactive groups in data protection over the past three years. Malware attacks, hacking, and insider theft accounted for about 30% of breaches. In all, the ITRC found about 36 million records were potentially breached in 2008, based on figures derived from the notification letters and information provided by breached entities. Given the statistics, the ITRC urges organizations to minimize the number of people who have access to personally identifiable information and require encryption for all mobile data storage devices that contain identifying information.