Thursday, February 09, 2006
Data Breach Trends
PRESS RELEASE
ID Analytics, Inc., the Identity Risk Management company, today announced findings from its analysis of
publicly-available information on 70 data breaches that occurred in 2005. The
company also announced that a white paper detailing its analysis of four
actual data breaches is now available. Announced in December, the detailed
analysis showed that few of the breached identities appeared to be misused for
criminal financial gain.
In the recent analysis of public information on 70 breaches, the most
interesting findings included:
* The largest volume of data breach incidents occurred in the education
sector (46 percent)
* Fifty-seven percent of the identities breached were in the financial
services sector
* Almost 70 percent of the breached occurrences were because someone
targeted the organization through hacking or some other method to steal
information about consumers
* Of the publicly-reported data breaches during the study period,
77 percent were "identity-level," meaning personal identifiers such as
names and Social Security numbers were breached
* The majority of the identity-level breaches, 38 out of 54, were
intentional, meaning the breach appeared to be the result of a
deliberate theft of identity information from an electronic database
"This high proportion of identity-level breaches suggests that criminals
know exactly what they are targeting since identity-level information is most
profitable for committing identity theft," said Mike Cook, ID Analytics'
co-founder and vice president of product. "Based on the analysis, we believe
that fraudsters determined to steal identity information to perpetrate their
crimes are systematic and deliberate in their attempts."
However, not all of the breaches in the study were intentional. For the
purposes of the analysis, ID Analytics excluded the June 2005 breach of
40 million account numbers from CardSystems due to its large size. Excluding
this breach, more than half (58 percent) of the breached identities in the
study were actually lost, seemingly through human error, rather than because
someone targeted the organization to steal the information.
As part of this study, ID Analytics also analyzed the potential costs of
these data breaches by estimating such losses as operational costs, consumer
notification, card re-issuance, credit monitoring services and anticipated
fraud losses. The analysis showed that during the period of the study
approximately $210 million were lost by the affected organizations as a result
of these breaches.
"Breaches differ, and the risk to consumers and organizations varies
considerably based on the type and scope of the data breach," said Bruce
Hansen, chairman and CEO of ID Analytics. "What's really most important for
both consumers and breached businesses is assessing the degree of risk for a
given breach in order to determine the best next steps to protecting
consumers, protecting the organization, and stemming financial and
reputational losses."
National Data Breach Analysis White Paper Now Available
ID Analytics also announced that its National Data Breach Analysis report
is now available. This 36-page paper examines actual data breach files from
four separate incidents representing approximately 500,000 breached consumer
identities, providing a first-hand glimpse of how real fraudsters are actually
using, or not using, breached data to commit fraud. As announced previously,
the results reveal that few of the breached identities from the analysis
appear to be misused for criminal financial gain. The paper also discusses
how patent-pending technology can help organizations detect data breaches
sooner, determine the best next steps following a breach, and ultimately limit
the harm caused by criminal abuse of breached consumer data. To request a
copy of the paper or find out more about ID Analytics Breach Analysis
Services, email marketing@idanalytics.com.
ID Analytics, Inc., the Identity Risk Management company, today announced findings from its analysis of
publicly-available information on 70 data breaches that occurred in 2005. The
company also announced that a white paper detailing its analysis of four
actual data breaches is now available. Announced in December, the detailed
analysis showed that few of the breached identities appeared to be misused for
criminal financial gain.
In the recent analysis of public information on 70 breaches, the most
interesting findings included:
* The largest volume of data breach incidents occurred in the education
sector (46 percent)
* Fifty-seven percent of the identities breached were in the financial
services sector
* Almost 70 percent of the breached occurrences were because someone
targeted the organization through hacking or some other method to steal
information about consumers
* Of the publicly-reported data breaches during the study period,
77 percent were "identity-level," meaning personal identifiers such as
names and Social Security numbers were breached
* The majority of the identity-level breaches, 38 out of 54, were
intentional, meaning the breach appeared to be the result of a
deliberate theft of identity information from an electronic database
"This high proportion of identity-level breaches suggests that criminals
know exactly what they are targeting since identity-level information is most
profitable for committing identity theft," said Mike Cook, ID Analytics'
co-founder and vice president of product. "Based on the analysis, we believe
that fraudsters determined to steal identity information to perpetrate their
crimes are systematic and deliberate in their attempts."
However, not all of the breaches in the study were intentional. For the
purposes of the analysis, ID Analytics excluded the June 2005 breach of
40 million account numbers from CardSystems due to its large size. Excluding
this breach, more than half (58 percent) of the breached identities in the
study were actually lost, seemingly through human error, rather than because
someone targeted the organization to steal the information.
As part of this study, ID Analytics also analyzed the potential costs of
these data breaches by estimating such losses as operational costs, consumer
notification, card re-issuance, credit monitoring services and anticipated
fraud losses. The analysis showed that during the period of the study
approximately $210 million were lost by the affected organizations as a result
of these breaches.
"Breaches differ, and the risk to consumers and organizations varies
considerably based on the type and scope of the data breach," said Bruce
Hansen, chairman and CEO of ID Analytics. "What's really most important for
both consumers and breached businesses is assessing the degree of risk for a
given breach in order to determine the best next steps to protecting
consumers, protecting the organization, and stemming financial and
reputational losses."
National Data Breach Analysis White Paper Now Available
ID Analytics also announced that its National Data Breach Analysis report
is now available. This 36-page paper examines actual data breach files from
four separate incidents representing approximately 500,000 breached consumer
identities, providing a first-hand glimpse of how real fraudsters are actually
using, or not using, breached data to commit fraud. As announced previously,
the results reveal that few of the breached identities from the analysis
appear to be misused for criminal financial gain. The paper also discusses
how patent-pending technology can help organizations detect data breaches
sooner, determine the best next steps following a breach, and ultimately limit
the harm caused by criminal abuse of breached consumer data. To request a
copy of the paper or find out more about ID Analytics Breach Analysis
Services, email marketing@idanalytics.com.
# posted by raveneye @ 1:51 PM 
