MADISON, Wis. (8/16/10)--Roughly one-fifth (21%) of breached entities subject to Payment Card Industry (PCI) standards had been found to be compliant in their last annual assessment before the breaches, according to a new report.

Verizon Business’ new 2010 Data Breach Investigations Report examined 141 breaches from 2009. Roughly 84 of the breaches were investigated by the Secret Service, while 57 were investigated by Verizon (Digital Transactions Aug. 5).

While most of the entities that were breached were not PCI compliant, the 21% that were indicate that merchants may focus on compliance only at assessment time, instead of all year. Some companies will “ramp up” their efforts to validate themselves when an assessor comes in, but then allow compliance to “erode a little bit over the year,” said Wade Baker, director of risk intelligence at Verizon Business. However, some trusted administrators who are compliant may have problems that cannot be protected against, he added.

Payment card data was involved in 54% of card breaches and accounted for 83% of compromised records. However, the share is declining. A few years ago, 80% or more of breaches and nearly all of stolen data were card numbers, the publication said.