Attacks/Breaches
1/6/2009
02:54 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Data Breaches Booming

The Identity Theft Resource Center says reported data breaches increased by 47% from 2007 to 2008.

In a down year, data breaches went up, again.

In 2008, according to the Identity Theft Resource Center, there were 656 reported data breaches, an increase of 47% from the 2007 total of 446.

The breaches were reported in the following sectors: business (240), education (131), government/military (110), health/medical (97), and financial/credit (78).

"The financial, banking, and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said in a statement. "The government/military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third highest."

With the business sector accounting for 36.6% of the breach total in 2008, up from 28.9% of the 2007 total and 21% of the 2006 total, the ITRC observes that the business community needs to improve its data security measures.

An analysis published on the Chronicles of Dissent blog argues that the financial sector should be singled out for poor security.

"Whereas ITRC's analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12% of all breaches, inspection of the raw frequency data suggests a somewhat different picture: reported breaches increased over 250% from 2007 to 2008," the blog states. "That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security."

One obvious place to start would be actually attempting to protect data. "[O]nly 2.4% of all breaches had encryption or other strong protection methods in use," according to the ITRC. "Only 8.5% of reported breaches had password protection."

According to the ITRC, malware attacks, hacking, and insider theft account for 29.6% of the breaches with known reported causes. Insider theft alone more than doubled from 2007 to 2008, and now accounts for 15.7% of breaches with known reported causes.

The ITRC also notes that electronic breaches (82.3%) are significantly more common than paper breaches (17.7%).

On the positive side, breaches related to human error -- data lost while on the move and accidental exposure -- declined, though they still account for 35.2% of breaches with reported causes.

Also, the government and military showed marked improvement, accounting for only 16.8% of the breaches last year, compared with 30% in 2006.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3090
Published: 2014-09-23
IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3101
Published: 2014-09-23
The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2014-3103
Published: 2014-09-23
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVE-2014-3104
Published: 2014-09-23
IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CVE-2014-3105
Published: 2014-09-23
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account n...

Best of the Web
Dark Reading Radio