Threat Activity Trends


Data Breaches that Could Lead to Identity Theft

Background

Political activism and hacking were two big themes resulting in data theft in 2011, and they have persisted into 2012. There were many high-profile hacking breaches last year that received lots of media attention for obvious reasons. Hacking can undermine institutional confidence in a company, and loss of personal data can result in damage to an organization's reputation. Despite the media hype around these breaches, hacking came in second to old-fashioned theft as the greatest source of data breaches last year, according to the Norton Cybercrime Index data [12]. Many countries have data breach notification legislation that regulates the responsibilities of organizations conducting business after a data breach has occurred. For example, the EU [13], the United States (46 states) [14], the District of Columbia, Puerto Rico, and the Virgin Islands have all enacted legislation requiring notification of security breaches involving personal information.

Methodology

The data for data breaches that could lead to identity theft is procured from the Norton Cybercrime Index (CCI). The Norton CCI is a statistical model that measures, on a daily basis, the levels of threats including malicious software, fraud, identity theft, spam, phishing and social engineering. Data for the CCI is primarily derived from the Symantec Global Intelligence Network and, for certain data, from ID Analytics [15]. The majority of the Norton CCI's data comes from Symantec's Global Intelligence Network, one of the industry's most comprehensive sources of intelligence about online threats. The data breach section of the Norton CCI is derived from data breaches that have been reported by legitimate media sources and have exposed personal information, including name, address, Social Security numbers, credit card numbers, or medical history. Using publicly available data, the Norton CCI determines the sectors that were most often affected by data breaches, as well as the most common causes of data loss.
The sector that experienced the loss along with the cause of loss that occurred is determined through analysis of the organization reporting the loss and the method that facilitated the loss.
The data also reflects the severity of the breach by measuring the total number of identities exposed to attackers, using the same publicly available data. An identity is considered to be exposed if personal or financial data related to the identity is made available through the data breach. Data may include names, government-issued identification numbers, credit card information, home addresses, or email information. A data breach is considered deliberate when the cause of the breach is due to hacking, insider intervention, or fraud. A data breach is considered to be caused by hacking if data related to identity theft was exposed by attackers, external to an organization, gaining unauthorized access to computers or networks. (Hacking is an intentional act with the objective of stealing data that can be used for purposes of identity theft or other fraud.)
It should be noted that some sectors may need to comply with more stringent reporting requirements for data breaches than others do. For instance, government organizations are more likely to report data breaches, either due to regulatory obligations or in conjunction with publicly accessible audits and performance reports [16]. Conversely, organizations that rely on consumer confidence may be less inclined to report such breaches for fear of negative consumer, industry, or market reaction. As a result, sectors that are not required or encouraged to report data breaches may be under-represented in this data set.
Figure A.30. Timeline of data breaches showing identities breached in 2011, global. Source: Based on data provided by Norton Cyber Crime Index

Data and commentary for data breaches that could lead to identity theft by sector

Figure A.31. Data breaches that could lead to identity theft and identities exposed by sector. Source: Based on data provided by Norton Cyber Crime Index

Top-ten sectors by number of data breaches

  • Healthcare, government and education sectors ranked top for number of data breaches, but ranked lower for number of identities exposed: Although the healthcare, government and education sectors accounted for the top three largest percentages for number of data breaches in 2011, those breaches accounted for approximately 9.7% of all reported identities exposed during 2011 (figure A.31).
  • This is due to the average number of identities exposed in each of the data breaches in these sectors being relatively low. The average number of identities exposed per data breach was approximately 133,500 for these three sectors combined, compared with an average of 19.4 million identities exposed per breach for the computer software sector alone (figure A.32).
Figure A.32. Average number of identities exposed per data breach by notable sector. Source: Based on data provided by Norton Cyber Crime Index
  • Top data breaches are reflected in top sectors for identities exposed: The top three sectors of Computer Software, IT and Healthcare had the largest number of identities exposed due to data breaches in 2011; these three sectors accounted for 93.0% of the total number of identities exposed.

Data and commentary for data breaches that could lead to identity theft by cause

Top causes for data breach by number of breaches

Figure A.33. Data breaches that could lead to identity theft and identities exposed, by cause. Source: Based on data provided by Norton Cyber Crime Index

Top causes for data breach by number of identities exposed

  • Theft or loss was the top cause for data breaches: The most frequent cause of data breaches (across all sectors) that could facilitate identity theft in 2011 was theft or loss of a computer or other medium on which data is stored or transmitted, such as a USB key or a back-up medium (figure A.33).
  • Theft or loss accounted for 34.3% of breaches that could lead to identities exposed in 2011 and this equated to approximately 18.5 million identities exposed in total.
  • The second most frequent cause of data breaches was hacking (29.0%), which exposed approximately 187.2 million identities in 2011, the greatest number for any cause of breach in 2011.
Figure A.34. Average number of identities exposed per data breach, by cause. Source: Based on data provided by Norton Cyber Crime Index
  • Hacking was the leading source for reported identities exposed: Although hacking was the second most common cause of data breaches that could lead to identity theft in 2011, it was the top cause for the number of reported identities exposed. Hacking was responsible for over 80.5% of the identities exposed in the largest data breaches that occurred in 2011.
  • The average number of identities exposed per data breach in hacking incidents was approximately 3.3 million.

Data and commentary for type of information exposed in deliberate breaches

Figure A.35. Type of information exposed in deliberate breaches. Source: Based on data provided by Norton Cyber Crime Index
  • The most common types of identity information leaked in deliberate data breaches were names, addresses and credit card numbers, accounting for one-third of the identities breached in 2011.
  • Names, phone numbers, email addresses and passwords were found in 16% of breaches.
  • Usernames, passwords and purchase information were identified in 16% of the identity breaches.
[12] http://www.nortoncybercrimeindex.com/

[13] http://www.enisa.europa.eu/act/it/library/deliverables/dbn/at_download/fullReport/

[14] http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx

[15] http://www.idanalytics.com/

[16] For example, the Fair and Accurate Credit Transactions Act of 2003 (FACTA) of California. Another example is the Health Insurance Portability and Accountability Act of 1996. For more information see: http://www.cms.hhs.gov/HIPAAGenInfo/