A data breach—the accidental or unauthorized release of private information—is a serious issue for an organization these days. The exposure of customer data can lead to a significant loss of a user’s confidence in the organization. Even worse, the organization could find itself in violation of data privacy laws or on the receiving end of a lawsuit created by its users.
We decided to take a look at the current state of data breaches in the August Symantec Intelligence Report, comparing the first eight months of 2012 against the last eight months of 2011. At first glance it appears that attacks are down—while the overall number of breaches stayed about the same, the average number of identities stolen per breach is down by almost half.
However, this can be attributed to a handful of very large data breaches in our 2011 data set that brought the average up. If we look at the median values for the two time periods, we see a very different picture: the median number of identities stolen is up by 41%. This could indicate that the attackers are going after more select, targeted batches, as opposed to simply making off with big-number caches of data.
We also looked at the most common causes of data breaches. Hackers are responsible for vast majority of identities stolen in 2012—over 88% in fact. But while hackers by and large make off with the most identities, a fair share of individual breaches are still the result of theft, loss, or become public by accidents, as discussed in the report.
This August Symantec Intelligence Report also looks at an email scam that purports to come from Symantec, but is really a ruse to download malware. We also provide details about a Java zero-day vulnerability that was first seen exploited in the wild during August. For further details on these stories and more, download a copy of the August Symantec Intelligence Report.