Report reveals hacking to be top cause of data breaches in 2009

12 January 2010

Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. For the first time, malicious attacks, which include hacking and insider theft, overtook human error as the leading cause of data breaches in the US. This is according to a recent report compiled by the Identity Theft Resource Center, a San Diego-based non-profit that tracks occurrences of identity theft.

The annual Identity Theft Resource Center Breach Report is complicated by the fact that not all details of major data breaches are publicly reported. Reported incidents often fail to disclose the exact number of compromised records. ITRC cited local laws and state policies that deny public access to data breach information as the major roadblock to accurate reporting.

A major theme throughout the ITRC report was the impact that data breaches via hacking had on the business sector in 2009. In fact, business ranked as the most vulnerable segment for data breaches, clocking in at 41% of total incidents. The final scorecard for the business sector included 10.6% of all hacking-related breaches and 58.7% of all compromised records over the last year. Tracking data from ITRC indicate that 2009 was the fifth consecutive year that businesses increased their share of data breach incidents, up from 21% in 2006.

ITRC cited the “organization and sophistication of crime rings” as the major factors for this steady increase. Although the actual number of data breach incidents decreased when compared with 2008, highly publicized hacking incidents, such as Heartland Payment Systems, still resulted in 30 million compromised records from just a single hack. The Heartland case was second only to the US Military, which reported more than 76 million exposed records in 2009.

Other sectors fared much better in preventing hacking-related data breach incidents in 2009. Among them: financials (2.0%), education (3.6%), government/military (1.6%), and medical/healthcare (1.6%).

The report also underlined the importance of encryption security features. Of the reported 498 data breaches in 2009, only six organizations reported the use of “encryption or other strong security features protecting the exposed data”.
