One obvious reason for large number of breaches is the use of laptops and, as Forbes pointed out, the theft of laptops from government departments is particular problem. It calls the number of incidents in the U.S. "astounding" and cities the well-known case of the theft of a laptop computer from the home of someone working for the U.S. Department of Veterans Affairs: the laptop contained millions of names, birth dates and Social Security numbers (everything needed for successful identity theft in America). Now, in that case, the police found the perpetrators and got the laptop back: perhaps they got lucky and it was stolen by people who thought the laptop was more valuable than the data it contained. It’s not a U.S. issue because exactly the same thing goes on in the U.K.
Even if large scale breaches do not necessarily lead to security incidents, why tempt fate like this? It does make you wonder about organisational policies that allow so much identity data to be stored and transported on laptops (and, I don’t doubt, PDAs and smartphones as well. Why is it necessary to carry so much identity data on a laptops? Can’t people analyse the data in the office?