Attacks/Breaches

6/23/2017
12:00 PM
50%
50%

$12B in Fraud Loss Came from Data Breach Victims in 2016

Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.

Data breach victims are likely to someday become victims of fraud. Of the $16 billion in total fraud loss for 2016, $8.3 billion came from victims who had experienced a breach in the past 12 months and $12 billion arose from victims who had breached in the previous six years.

These findings come from a Javelin Advisory Services report entitled "2017 Data Breach Fraud Impact Report: Going Undercover and Recovering Data." Researchers discovered the proportion of breach victims who became fraud victims rose to 31.7%, the highest rate in six years.

Javelin claims its findings underscore the longevity of breached data and the interconnectedness between breaches and fraud. Increasingly smaller financial institutions are becoming aware of the Internet's criminal underground and monitoring the dark Web for mentions of their brand and customers.

The companies with the most mature threat intelligence operations are those acknowledging criminal campaigns. Some operators have infiltrated online criminal groups, and some have paid for data claimed to be stolen. Some buy malware and crime kits directly from threat actors to analyze different malware strains for the purpose of defending against them.

Researchers found the most common type of breached data are credit and debit cards, which were compromised among 44% and 26% of breach victims, respectively, within the past 12 months. Thirteen percent of victims had their Social Security number compromised.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
qinezyqy
50%
50%
qinezyqy,
User Rank: Apprentice
6/27/2017 | 8:26:32 AM
Fraud
12B ? Jesus thats a good amount of money
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18315
PUBLISHED: 2018-10-15
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
CVE-2018-18316
PUBLISHED: 2018-10-15
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
CVE-2018-18317
PUBLISHED: 2018-10-15
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.
CVE-2018-18296
PUBLISHED: 2018-10-15
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
CVE-2018-18309
PUBLISHED: 2018-10-15
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service,...