The Identity Theft Resource Center® has found that hacking accounted for the largest number of breaches in 2011 year-to-date.
Almost 37% of breaches between January 1st and April 5th were due to malicious attacks on computer systems. This is more than double the amount of targeted attacks reflected in the 2010 ITRC Breach List (17.1%).
ITRC point out that their findings do not include the large Epsilon Email Breach as the full findings were are to be disclosed and the effects seen. The findings will not include the massive Sony Playstation Network breach as this was after the report.
Anecdotally the ITRC in their press release also refer to other pieces of research
- Symantec Internet Security Threat Report. This report discloses that over 286 million new threats were identified during 2010. Additionally, the Symantec report said they witnessed more frequent and sophisticated targeted attacks in 2010.
- McAfee found that the most significant threat to businesses was data leaked accidentally or intentionally by employees.
ITRC views employee breaches as two different types of breaches.
1. Accidental breaches are those that happen by employee mistakes, and while they cause harm, the people who made a mistake never intended to injure the company.
2. The insider who intentionally steals or allows others access to personal information is considered a malicious attacker.
“At first it may be difficult to know if a hacking was perpetrated by an insider or outsider,” says Linda Foley, founder of the ITRC and data breach report manager. “ITRC does not have access to the Secret Service’s forensic information has so we can only report on situations when information is released. As of April 5, 11.6% of 2011 breaches with known forms of leakage were insider theft. When these events are added to known hacking attacks, ITRC’s breach database report indicates that 48.2% of published breaches are some form of targeted attack.
Businesses are taking the brunt of hacking attacks, according to published reports of breaches.
- 53.6% of all breaches on the ITRC report were business related.
- The other categories, “Banking/Credit/Financial,” “Educational,” “Government/Military and Medical/Healthcare all dropped in their respective percentage of reported breaches.
Other ITRC finding include:
- Nearly half of breached entities did not publicly report the number of potentially exposed records
- Several medical breaches ranging up to 1.9 million records caused a spike in the total records for the health services field.
ITRC was unable to draw any long term conclusions from these initial findings.
For further details of the ITRC visit.