Data Breaches Up, Lost Records Down

According to a recent report from Verizon, data breaches are on the rise. There were 760 data breaches recorded in 2010, compared to 140 breaches in 2009. However, there were approximately four million records stolen in 2010, as opposed to 144 million stolen in 2009.

This means there were fewer large-scale data breaches compromised of multimillions of records, and many more data breaches that compromised fewer records at a time.

Criminals have shifted their focus away from large corporations that have implemented multilayered security measures to protect mass amounts of data, and are now targeting smaller companies with smaller databases, who have yet to implement strong security measures.

Verizon’s study further shows that in 2010, 92% of data breaches were external hack attacks, a 22% increase from 2009. Nearly 80% of the stolen data was accessed via malware that gave attackers back door computer access.

This shift from bigger to smaller breaches may also indicate that hackers are realizing that big breaches get more attention, and therefore increase their chances of being caught. Furthermore, a breach of 100 million credit card numbers might be discovered quickly, and all those credit numbers would immediately be cancelled. A breach of just 10,000 credit card numbers would be more likely to stay under the radar, meaning those cards would remain active for longer.

There are now multiple breach lists, and not all define a data breach the same way. According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit or debit card data.

The ITRC elaborated, “Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events that occur. It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported.”

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)