Attacks/Breaches
1/6/2009
02:54 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Data Breaches Booming

The Identity Theft Resource Center says reported data breaches increased by 47% from 2007 to 2008.

In a down year, data breaches went up, again.

In 2008, according to the Identity Theft Resource Center, there were 656 reported data breaches, an increase of 47% from the 2007 total of 446.

The breaches were reported in the following sectors: business (240), education (131), government/military (110), health/medical (97), and financial/credit (78).

"The financial, banking, and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said in a statement. "The government/military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third highest."

With the business sector accounting for 36.6% of the breach total in 2008, up from 28.9% of the 2007 total and 21% of the 2006 total, the ITRC observes that the business community needs to improve its data security measures.

An analysis published on the Chronicles of Dissent blog argues that the financial sector should be singled out for poor security.

"Whereas ITRC's analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12% of all breaches, inspection of the raw frequency data suggests a somewhat different picture: reported breaches increased over 250% from 2007 to 2008," the blog states. "That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security."

One obvious place to start would be actually attempting to protect data. "[O]nly 2.4% of all breaches had encryption or other strong protection methods in use," according to the ITRC. "Only 8.5% of reported breaches had password protection."

According to the ITRC, malware attacks, hacking, and insider theft account for 29.6% of the breaches with known reported causes. Insider theft alone more than doubled from 2007 to 2008, and now accounts for 15.7% of breaches with known reported causes.

The ITRC also notes that electronic breaches (82.3%) are significantly more common than paper breaches (17.7%).

On the positive side, breaches related to human error -- data lost while on the move and accidental exposure -- declined, though they still account for 35.2% of breaches with reported causes.

Also, the government and military showed marked improvement, accounting for only 16.8% of the breaches last year, compared with 30% in 2006.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant