Analysis of Reported Data Breaches
Published March 16th, 2006 in Phishing, Intrusion Detection/Prevention, Firewalls, SecurityThe Privacy Rights Clearinghouse has a Chronology of Data Breaches since the first ChoicePoint incident in February 2005. I spent some time grouping the breaches into some similar categories and analyzing the cause of the breaches. This analysis covers the report incidents from February 15, 2005 through March 14, 2006.
The categories I used are:
- Backup Loss (Loss or Theft of Backup Tapes or other Archived Data)
- Computer Loss (Loss or Theft of Laptops, Computers, or hard drives)
- ID Theft (Stolen user accounts or compromised passwords)
- Inside Data Theft (Theft of data from inside the company, malicious intent or violation of policy)
- Network Attack (compromised network or servers through various hacking methods)
- Self-Exposed (Exposure of information either accidentally or ignorantly through websites, email, or other public means)
These numbers are very conservative. If there was an estimate of those affected, I used the low number. If it was an unknown or undisclosed number, I did not include it. Here’s the breakdown:
- Network Attacks (43,470,180 affected) 81%
- Backup Loss (6,705,690 affected) 13%
- Inside Data Theft (1,378,450 affected) 3%
- Computer Loss (1,195,724 affected) 2%
- Self-Exposed (679,813 affected) 1%
- ID Theft (180,903 affected) 0%
The biggest single breach was the June 16, 2005 hack of CardSystems which affected 40,000,000 individuals. It’s also interesting to note that Network Attacks was also the largest factor for number of incidents at 37%.
One Response to “Analysis of Reported Data Breaches”
Please Wait
Leave a Reply
You must log in to post a comment.