Risk
11/4/2009
07:03 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Corporate Breaches Increase Chances Of Consumer ID Theft, Study Says

When their data is leaked by a business, individuals are four times more likely to suffer identity theft, Javelin study says

Consumers who have received data breach notifications within the past year are at a much greater risk for fraud than typical consumers, according to a new study.

According to a report published last week by Javelin Research, individuals whose personal information has been compromised in a corporate breach are four times more likely to suffer identity theft or fraud. This result runs contrary to the common mantra among breached companies, which often say that they have no indication that the compromised data has been used by criminals.

"Data breach notifications are intended to help consumers take protective action," said Mary Monahan, managing partner and research director at Javelin. "Notification is critical because consumers are over four times more likely to encounter actual fraudulent transactions if they receive a data-breach notification."

But the Javelin study also indicates that most consumers don't see a direct relationship between breach notifications and identity theft.

"During each of the past three years, an average of 11 percent of consumers received a breach notification," Javelin said. "Slightly more than 33 percent of breach victims experienced exposure of their Social Security numbers, and 15 percent of breach victims had their ATM PINs compromised. [But] despite 19.5 percent of breach victims suffering some kind of fraud in the past year, only 2 percent attribute their fraud to the breach."

The Javelin report, "Data Breach Notifications: Victims Face Four Times Higher Risk of Fraud," is based on multiple years of data and includes updates on 2009 data breaches. The report also presents a timeline overview of the most recent and egregious data breaches in U.S. history, with recommendations for how individuals and companies can increase safety.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...

Best of the Web