Share

Related Stories

  • Comment: Overcoming a Year of Vulnerability
    Mark Dunleavy of Informatica takes a look back at 2012, and explores why it’s being described as a year of vulnerability. We have seen data breaches galore over the past 12 months, so he offers guidance in how to make 2013 the year of data breach prevention
  • Escalating healthcare data breaches come with $7bn pricetag
    Healthcare data breaches, despite their high profile in the news, aren’t getting any rarer: in fact, lost or stolen devices and employee errors are heading towards a $7 billion price tag for the industry – more than the level of funding that the US government gives cancer research.
  • Despite awareness, SMB cybersecurity suffers from resource constraints
    Despite an awareness of security issues surrounding unstructured data and the cloud, smaller companies in the US and the UK are continuing to under-invest in data protection – largely due to resource constraints. They also underestimate the ramifications of data breaches.
  • Data Breach Scoreboard
    Infosecurity compiles history’s top data breaches, while surveying the mandatory reporting landscape in the US and Western Europe
  • Data breach costs skyrocket as class-action lawsuits become more prevalent
    Data breaches are on the rise, and the scope of the amount of data stolen is getting wider. The rise of “Big Data” heists like the one that Sony has been dealing with for 18 months (77 million accounts were compromised) is opening up the potential for class action suits in such cases to become the norm. And that can add millions of dollars to the cost of the incident.

Top 5 Stories

News

Data breach incidents more than double, but record exposure declines

12 February 2013

The number of global data breaches reached 2,644 last year, more than doubling the number of incidents in 2011. Despite the rise in frequency, they accounted for the exposure of 267 million records – a significant improvement over the 412 million records exposed in 2011.

According to a bit of numbers-crunching by the Open Security Foundation, which runs the international DataLoss database, and security consultancy Risk Based Security, just over half of the exposed records in 2012 came from Shanghai Roadway, a Chinese unit of Dun & Bradstreet. Four employees were found to have sold 150 million customer records for roughly 23 cents each – an incident that resulted in the closure of the business unit, fines for Dun & Bradstreet, and fines and jail time for the employees.

Their analysis also found that hackers were the most common culprit behind data breaches, as opposed to loss, theft or inadvertent data mishandling by employees. Again, the numbers are deceptive: while hacking accounted for 1,802 (68.2%) known breaches for the year, it represented only a fifth (22%) of the records exposed.

Conversely, insiders, be they malicious or simply unaware, were responsible for 19.5% of incidents, but a staggering 66.7% of 2012’s exposed records. Malicious insiders, as in the Dun & Bradstreet case, were behind 7.1% of all breaches, while insider errors accounted for 8.9% of incidents and 5.1% of exposed records.

When it comes to the types of data stolen, credentials like user ID, name, password, email and other access data was exposed in more than 44% of incidents – far and away the biggest set of data compromised. Credit-card numbers were exposed in 6.4% of the incidents, account information in 7.4%, medical data in 9.4%, date of birth in 11.2%, social security number (or non-US equivalent) in 14.4% and address in 18.8%.

Important to note in all of this is the fact that the report authors said to keep in mind that the number of records exposed was not reported in 20.6% of breaches – a factor that could significantly change some of the stats. After removing the single incident of 150 million and any incidents for which the organizations did not disclose the number of records exposed, on average, 55,863 records were exposed per incident in 2012, the report found.

This article is featured in:
Data Loss  •  Identity and Access Management  •  Industry News

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×