
Threat Activity Trends


Data Breaches That Could Lead to Identity Theft

Background

Identity theft continues to be a high-profile security issue, particularly for organizations that store and manage large amounts of personal information. Not only can compromises that result in the loss of personal data undermine customer and institutional confidence, they can result in damage to an organization’s reputation and can be costly for individuals recovering from the resulting identity theft. In 2010, the average cost per incident of a data breach in the United States was $7.2 million, an increase of 7 percent from 2009 (all figures in USD). The most expensive data breach to resolve cost one organization $35.3 million.

Many countries have existing data breach notification legislation that regulates the responsibilities of organizations conducting business within the particular jurisdiction after a data breach has occurred. For example, in the United States, 46 states, the District of Columbia, Puerto Rico, and the Virgin Islands have all enacted legislation requiring notification of security breaches involving personal information.

Methodology

Using publicly available data provided by the Open Security Foundation (OSF) Dataloss DB, Symantec determines the sectors that were most often affected by these breaches, as well as the most common causes of data loss. The OSF records data breaches that have been reported by legitimate media sources and have exposed personal information, including name, address, Social Security number, credit card number, or medical history. The sector that experienced the loss and the cause of the loss are determined through analysis of the organization reporting the loss and the method that facilitated the loss.

This discussion also explores the severity of the breach by measuring the total number of identities exposed to attackers, using the same publicly available data. An identity is considered exposed if personal or financial data related to the identity is made available through the data breach. A data breach is considered deliberate when the cause of the breach is due to hacking, insider intervention, or fraud. A data breach is considered to be caused by hacking if data related to identity theft was exposed by attackers external to an organization gaining unauthorized access to computers or networks. A data breach is considered to be caused by insecure policy if it can be attributed to a failure to develop, implement, and/or comply with adequate security policy.

It should be noted that some sectors may need to comply with more stringent reporting requirements for data breaches than others do. For instance, government organizations are more likely to report data breaches, either due to regulatory obligations or in conjunction with publicly accessible audits and performance reports. (For one example of this, please see the Fair and Accurate Credit Transactions Act of California.) Conversely, organizations that rely on consumer confidence may be less inclined to report such breaches for fear of negative consumer, industry, or market reaction. As a result, sectors that are not required or encouraged to report data breaches may be under-represented in this data set.

Data Breaches That Could Lead to Identity Theft, by Sector

Data

Figure 7. Data breaches that could lead to identity theft and identities exposed, by sector
Source: Based on data provided by OSF DataLossDB (due to rounding, percentages may not total 100 percent)


Figure 8. Average number of identities exposed per data breach, by notable sector
Source: Based on data provided by OSF DataLossDB


Commentary

A high number of data breaches does not necessarily equate to a high number of identities exposed: The top three sectors reporting data breaches in 2010 (healthcare, education, and government) accounted for only a quarter of all identities exposed during the reporting period. This is due to the small number of identities exposed in each of the data breaches in these sectors. In 2010, the average number of identities exposed per data breach for each of these sectors was fewer than 38,000, whereas the average number of identities exposed per breach for the financial sector was 236,000.

Large-scale breaches are likely to result in more identities exposed: The top sector for identities exposed in 2010, the financial sector (at 23 percent), also had the highest average number of identities exposed per incident (235,383). Much of this is due to a breach in March 2010 when a financial sector organization exposed sensitive information on 3.3 million customers, including government-issued identification numbers.

Breaches That Could Lead to Identity Theft, by Cause

Data

Figure 9. Data breaches that could lead to identity theft and identities exposed, by cause
Source: Based on data provided by OSF DataLossDB (due to rounding, percentages may not total 100 percent)


Figure 10. Average number of identities exposed per data breach, by cause
Source: Based on data provided by OSF DataLossDB


Commentary

Data breaches are costly and many are easily preventable: The average cost to resolve a data breach in 2010 was $7.2 million. Of the various causes of data breaches, those due to insecure policy are readily preventable. Insecure policy was the second most common cause of data breaches that could lead to identity theft across all sectors in 2010, responsible for nearly one third of the total. Many data breaches due to insecure policy can be prevented with measures such as developing stronger security policies and ensuring that all users are educated in company security and data management policies.

Hacking continues to be the leading cause of identities exposed: Although hacking was only the third most common cause of data breaches that could lead to identity theft in 2010, it was the top cause for reported identities exposed, with 42 percent of the total. In 2009, hacking was responsible for 60 percent of identities exposed. The average number of identities exposed per data breach was 262,767, with the three largest reported breaches accounting for 7.4 million identities exposed.

Type of Information Exposed in Deliberate Breaches

Data

Figure 11. Type of information exposed in deliberate breaches
Source: Based on data provided by OSF DataLossDB (due to rounding, percentages may not total 100 percent)


Customers are the favorite target: Customer-related information was the most exposed type of data in 2010, both for deliberate breaches and the identities exposed in those breaches. Customer-related data may be more attractive because it typically contains financial information such as credit card numbers and bank account numbers that can be used for lucrative fraud schemes and large financial payouts. For example, in one insider-driven data breach, an employee stole customer information and used it to commit fraud in the amount of $150,000. In another case, employees used stolen customer credentials to file fraudulent tax claims. Upon discovery, the alleged culprits had $290,000 spread across 17 bank accounts.