The study presents data breach information collected from 2005 through 2010, including the disclosure of more than 800 million records over that period. The association said the overall data breach dollar figure did not include the costs that the organizations downstream or upstream incurred, or the losses sustained by the data breach victims. Further, the report, The Leaking Vault 2011, said the data breach cost estimate was low because 35% of the incidents did not name a figure for records lost.
On average, these organizations lost over 388,000 people’s records per day/15,000 records per hour every single day for the past six years, according to the report, which studied 3,765 publicly disclosed data breach incidents from 2005 through 2010.
In 65% of the data breach cases, the data disclosed included the subject’s name, address, and social security number. In contrast, only 15% of the incidents disclosed credit card numbers, and 16% disclosed medical information. Medical disclosures saw a significant increase with the addition of the 2010 data. This is more likely due to the reporting requirement of existing regulations going into effect than an actual increase in incidents, the report observed.
The data breach incidents where criminal use of the data was confirmed increased by 58% from the prior report. The two vectors most likely to show criminal use were the fraud and hacker vectors. Hackers were responsible for 48% of the records disclosed in the study.