[July 13, 2011]

IdentityHawk's Identity Breach Data Report Adds It Up: 534,382,553 Records Breached Since 2005, 97% Avoidable

When there is an incident in which sensitive, protected or confidential online data has potentially been viewed, stolen or used by an unauthorized individual a data breach has occurred. Most people are vulnerable to data breaches just from entering identifying information online or from making transactions for which they provided identity information that was entered into a computer connected to the Internet.

There were 760 data breaches in the United States in 2010, according to The 2011 Data Breach Investigations Report, of which:

• 97% were avoidable through simple or intermediate controls,¹ and
• at least 534,382,553 records have been breached since 2005.

A Federal Issue: Data breaches have become a federal issue in Washington, DC, where ongoing hearings are taking place as of June 2011 to discuss the following:

• a national data breach notification standard;
• increased criminal penalties for hackers; and
• voluntary sharing of information on cybersecurity.

The final outcomes of these hearings are not yet known.

Who/What is responsible for breaches?

Breached Businesses: Many data breaches are results of breached businesses:

• People "outside" of the breached business are stealing credentials to appear as "insiders;"²
• Outsiders are responsible for 92% of breaches, while the percentage of insider attacks dropped from 49% in 2009 to 16% in 2010.¹

Human Error: Also responsible for breaches:

• Increasing consumer Internet usage
• Unsecured and non-updated data security
• Human error/laziness/greed/lack of knowledge (even at the enterprise)

How are data breaches happening?

Unsecurd data: Data breaches happen because hackers and criminals can access data that is left unsecured and available for access. They can access data when it is not encrypted, or even if it is encrypted, if they find the decryption passwords.

There are other ways data can be accessed as well. For example, if just one business computer is unsecured or one work laptop is stolen, all the data accessible through those machines are at risk:

• 92% of the cyber attacks were classified as "not highly difficult"¹
• 83% of the databases hit in 2010 were targets of opportunity;¹
• Hacking, at 50%, and malware, at 49%, are the most prominent types of attack, with many incidents involving weak or stolen credentials and passwords¹

Why are data breaches happening?

Lackadaisical security controls on the side of the breached business seem to be a reason why so many outside data breaches have occurred:

• 97% were found to have been avoidable through simple or intermediate controls;¹
• 89% of the corporate or organizational victims were not compliant with the Payment Card Industry Data Security Standard at the time of the hack;¹
• Risk assessments are not being performed frequently enough;²
• Only 50% of organizations took steps to remediate and protect systems from future breaches after they had been breached.²

Portable information: Laptops/smartphones/tablets are portable and carry secure information with them.

• 95% of IT practitioners report that someone in their organization has had a laptop lost or stolen;³
• Of those laptops lost or stolen, 72% resulted in a data breach;³
• 60% of business managers have disengaged their laptop's encryption solution;³ and
• 48% admit this is in violation of their company's security policy.³

It appears more professional laptop security could prevent some data breaches - personal laptops can also hold loads of secure, many times personal data.

How can consumers lessen their risk of a data breach?

• Clear information out of unnecessary places
• Check credit reports
• Shred unnecessary documents
• Join an online identity theft protection that provides data breach alerts
• Read all alerts and notification notices
• Practice personal Internet security: encrypted proprietary and personal data,⁴ secure Internet connection, use cybersafety smarts (ex: don't click on suspicious links)
• Have back-ups of all identity information
• Use firewalls, anti-spam and anti-virus software⁴
• Keep security software up-to-date and run it regularly

According to Jeff Paradise, executive director of IdentityHawk, "Unfortunately, initial data breaches are a serious problem that often start at the enterprise level. So consumers are unwittingly exposed because of inefficient security measures on the part of businesses they have entrusted with their records. But consumers can be vigilant by having up-to-date information on breaches and quickly close any exposed risks they may have to a threat. Online identity theft protection services like IdentityHawk can alert consumers and also guide them to preventative steps to take."

About IdentityHawk
IdentityHawk is a leading identity protection service that aggressively zeroes in on potential threats to help consumers safeguard their identity. Members are warned of potential identity risks so they can take steps to stop fraud before it starts. IdentityHawk is a product of FYI Direct, Inc., a leader in direct-to-consumer credit and identity protection services. For more information, go to www.identityhawk.com.

1 - The 2011 Data Breach Investigations Report
2 - Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency
3 - Absolute & Ponemon 2010 Laptop Encryption Study
4 - "Layoffs Increase Data Breach Risks"

[ Back To TMCnet.com's Homepage ]