LifeLock » Verizon Business Data Breach Investigations Report

LifeLock review: Insider data breaches increasing; 1.33 million records stolen by insiders in 2008

admin — Wed, 15 Jul 2009 21:23:19 +0000

Yes, there was a time when a hacker was a pimply-faced guy sitting in his parents’ basement surrounded by pizza boxes and bulky PCs. But that’s not who’s responsible for data breaches in this millennium.

Increasingly, it’s insiders who are stealing their organizations’ information, according to recent studies.

Insiders were responsible for almost 25% of all known data breaches in financial institutions last year, according to a recent study sponsored by Cisco and conducted by the Identity Theft Resource Center.

Verizon Business’ 2009 Data Breach Investigations Report attributes at least 20% of all 2008 data breaches to insiders. Insider data breaches are more damaging because an insider data breach involves the loss or exposure of 100,000 records on average. The total number of records lost to insiders in 2008 was more than 1.33 million, according to the report.

The most obvious reason employees are stealing information is that they can. A survey of nearly 1,000 people who’d been laid-off or fired revealed that 85% of employers failed to perform an audit of hard copy or electronic data employees left with when terminated or laid off.

Not surprisingly, the Ponemon Institute survey also found that 60% of the respondents said they stole customer information, contact lists, employee records, financial reports and more when they left. As well, 24% of them said they were still able to electronically access their former employers’ data months after leaving.

Visit LifeLock.com for more information on their innovative, comprehensive identity theft protection services. Enroll using the LifeLock promotion code DEFENSE to save money on membership!

LifeLock review: 285,000,000 records compromised in 2008 data breaches

admin — Tue, 21 Apr 2009 18:28:34 +0000

Verizon Business’ just-released an analysis of 1,152 data breaches that occurred in 2008, and found that 285,000,000 records were compromised as a result of security lapses. Kind of makes mail shredding seem like a quaint notion, doesn’t it?

As is the raw numbers weren’t bad enough, the Data Breach Investigations Report provides insight into the causes of the breaches. Alarmingly, 64% of the data breaches resulted from hacking; 40% of those attacks were traced to Eastern Europe and East Asia.

Even more alarming is the finding that 67% of all the analyzed breaches were “aided by significant errors.” In this case, it’s fair to blame the victims, given that 81% of them were not compliant with the Payment Card Industry Data Security Standard (PCI DSS). Chief among the ways corporations aided and abetted the enemy was by failing to employ patches available for more than a year at the time of attack.

Despite their abhorrent neglect to adequately protect consumers’ personal and financial information, whenever the powers that be deign to notify their clients and customers of data breaches, they all say the same thing: At Corporation X protecting your security is our top priority. We deeply regret this incident, and are working busily to make sure it never happens again.”

Don’t believe it for a minute. The analysts at Verizon Business also found that 20% of the victims had more than one data breach in the same year. And, though it’s clear cyber attacks have become increasingly sophisticated, more than half of the total data breaches were determined to have required little or no special skills or resources.