New Data Breach Study Shows Over 721.9 Million Records Disclosed, Estimated Cost of $139 Billion

The Digital Forensics Association announces the release of a new research study on data breaches. "The Leaking Vault - Five Years of Data Breaches" analyzes over 2,800 data loss incidents, with a known disclosure of 721.9 million records.
 
July 25, 2010 - PRLog -- Data security breaches are a concern for every organization that holds sensitive data.  Until now, studies released have covered data that either must be kept confidential, or that contain a small number of breaches for analysis.  "The Leaking Vault - Five Years of Data Breaches" analyzes over 2,800 data loss incidents from publicly accessible sources, with a known disclosure of 721.9 million records.  This study—the largest of its kind to date—provides analysis on which breach vectors carry the most risk, and should help provide organizations with more accurate information when combating this problem.

Key findings include:

Organizational sectors studied include Business, Government, Educational and Medical.  These organizations have been responsible for losing on average over 395,000 people's data per day every day for five years.  The study covers January 1, 2005 through December 31, 2009.  With just over 300 million U.S. citizens (and with U.S. record losses at 630.5 million), this means that each U.S. citizen's data could have been exposed more than twice on average.

The most commonly report data breach was a laptop theft incident.  In fact, the Laptop vector was responsible for 49% of all breach incidents.  Laptops were most commonly stolen from a place of business (33% of cases), followed by vehicles (28%).  However, as a vector, stolen laptops were only responsible for 6% of the records lost over the course of the study.  In contrast, the most records were disclosed in Hacking vector breaches—327 million, or 45% of all records exposed.  Hacking accounted for only 16% of the breach incidents, but had an average loss of over 716,000 records per incident.

When an incident involved Insiders, it was more than twice as likely to have been an accident.  Insiders were responsible for 205.9 million records disclosed, but only 29% of the incidents; while Outsiders were responsible for 48% of breaches.  Outsiders also led the record losses, at 357.6 million disclosed.  

When Third Party facilitated breaches occur (16% of the cases), the median number of records disclosed per incident is almost twice the Outsider figure—and more than ten times that of an Insider.  As with the rest of the study, the leading vector for Third Parties is Laptop.  Their lead vector for records disclosed was Hacking.  Third party partners facilitated the disclosure of over 111 million records.

Social Security Numbers (SSNs) are the most frequent data element reported.  The Business sector led in the number of incidents and records disclosed, and was also the leader in disclosing SSNs.  Actually, the Business sector was the loss leader in Credit Card Numbers as well.  Between these two types of data, they account for 70% of breach incidents.

The incidents were analyzed from the perspective of the organizations experiencing the loss, the actors involved (Insiders, Outsiders, Third Party Partners), geography, subsequent criminal use of the data, the data types and the relationships between the disclosing organization and the data subject victim.  The cost of data breaches in this study were calculated to be over $139 billion to the disclosing organizations alone.  Finally, recommendations are made to combat some of the biggest breach vectors.

A complete copy of "The Leaking Vault - Five Years of Data Breaches" is available at:  

http://www.digitalforensicsassociation.org/storage/The_Le...

# # #

The Digital Forensics Association (DFA) is a non-profit organization dedicated to fostering education, providing networking opportunities and conducting research to benefit the digital forensics community.
End
Digital Forensics Association News
Trending
Most Viewed
Daily News



Like PRLog?
9K2K1K
Click to Share