Data Breaches Rose Sharply In 2008

0 views
Skip to first unread message

winston...@gmail.com

unread,
Jan 20, 2009, 3:02:19 PM1/20/09
to Content Monitoring
http://www.csoonline.com/article/474813/Data_Breaches_Rose_Sharply_In_

Data Breaches Rose Sharply In 2008
More than 35 million data records were breached in 2008, according to
the Identity Theft Resource Center
» Comments
By Jeremy Kirk, IDG News Service (London Bureau)

January 08, 2009 — CSO —

More than 35 million data records were breached in 2008 in the U.S., a
figure that underscores continuing difficulties in securing
information, according to the Identity Theft Resource Center (ITRC).

The majority of the lost data was neither encrypted nor protected by a
password, according to the ITRC's report.

It documents 656 breaches in 2008 from a range of well-known U.S.
companies and government entities, compared to 446 breaches in 2007, a
47 percent increase. Information about the breaches was collected by
tracking media reports and the disclosures companies are required to
make by law.

Data breach notification laws vary by state. Some companies do not
reveal the number of data records that have been affected, which means
the actual number of data breaches is likely much more than 35
million.

"More companies are revealing that they have had a data breach, either
due to laws or public pressure," the ITRC wrote on its Web site. "Our
sense is that two things are happening -- the criminal population is
stealing more data from companies and that we are hearing more about
the breaches."

The data breaches came from a variety of mishaps, including theft of
laptops, hacking, employees improperly handling data, accidental
disclosure and problems with subcontractors.

BNY Mellon Shareowner Services, an investment bank based in New
Jersey, reported the highest number of breached records: 12.5 million.
A box of computer tapes containing names, Social Security and account
numbers was lost in February 2008. A lock on the truck transporting
the tapes was broken, and the truck had been left unattended,
according to news reports. The tapes were not encrypted.

The business community had the most breaches, comprising more than a
third of the 656 breaches, ITRC said. Government and military
organizations came in at 16.8 percent, the second-highest tally.
However, that's an improvement over 2006, when that sector comprised
nearly 30 percent of all reported data breaches, the center said.

Some 15.7 percent of all breaches were attributed to insider theft, a
figure that more than doubled between 2007 and 2008, ITRC said.

winston ogilvy

unread,
Apr 26, 2009, 10:26:09 AM4/26/09
to content-m...@googlegroups.com


---------- Forwarded message ----------
From: <winston...@gmail.com>
Date: Thu, Apr 23, 2009 at 2:29 PM
Subject: Re: Data Breaches Rose Sharply In 2008
To: winston...@gmail.com


Adding this updated thread for 2009.  Will also include the attachment
in the googlegroups file upload section.

-winston

285 MILLION RECORDS WERE COMPROMISED IN 2008.

.
► 2009 Data Breach Investigations Report

A study conducted by the Verizon Business RISK team.

Executive Summary
2008 will likely be remembered as a tumultuous year for corporations
and consumers alike. Fear, uncertainty, and doubt seized global
financial markets; corporate giants toppled with alarming regularity;
and many who previously lived in abundance found providing for just
the essentials to be difficult. Among the headlines of economic woes
came reports of some of the largest data breaches in history. These
events served as a reminder that, in addition to our markets, the
safety and security of our information could not be assumed either.

The 2009 Data Breach Investigations Report (DBIR) covers this chaotic
period in history from the viewpoint of our forensic investigators.
The 90 confirmed breaches within our 2008 caseload encompass an
astounding 285 million compromised records. These records have a
compelling story to tell, and the pages of this report are dedicated
to relaying it. As with last year, our goal is that the data and
analysis presented in this report prove helpful to the planning and
security efforts of our readers. Below are a few highlights from the
report:

Closely resembling the stats from our 2008 report, most data breaches
continue to originate from external sources. Though still a third of
our sample, breaches linked to business partners fell for the first
time in years. The median size of breaches caused by insiders is still
the highest but the predominance of total records lost was attributed
to outsiders. 91 percent of all compromised records were linked to
organized criminal groups.

In the more successful breaches, the attacker exploited some mistake
committed by the victim, hacked into the network, and installed
malware on a system to collect data. 98 percent of all records
breached included at least one of these attributes. Unauthorized
access via default credentials (usually third-party remote access) and
SQL injection (against web applications) were the top types of
hacking. The percentage of customized malware used in these attacks
more than doubled in 2008. Privilege misuse was fairly common, but not
many breaches from physical attacks were observed in 2008.

Reply all
Reply to author
Forward
0 new messages