Reports examine causes, victims of data breaches
Verizon Business releases a four-year study on the causes of corporate breaches, while the Identity Theft Resource Center releases its annual look at human victims of identity fraud.
On Wednesday, Verizon Business released a four-year study concluding that 9 out of 10 corporate data breaches could have been prevented, had appropriate security measures been taken. The Verizon report includes the results of more than 500 forensic investigations, including three of the largest data breaches ever reported.
Meanwhile, the Identity Theft Resource Center released its 2007 report on identity theft, offering comparisons to data it's collected over the last five years.
Verizon found that 73 percent of the data breaches were the result of outside sources, with only 18 percent from insider threats. Of the outside sources, 39 percent were attributed to business partners. Third parties, not victimized organizations, discovered 75 percent of the breaches.
Attack methods vary around the world, Verizon found. Attacks from Asia, China and Vietnam in particular, often involve application exploits. Attacks from the Middle East involve site defacements. And attacks from Eastern Europe and Russia involve point-of-sale compromises.
The ITRC report looks at the other side: the impact of identity fraud on its victims. In 2007, 57 percent of stolen information was used to open a new line of credit, while 13 percent was used to order cable and or other utility services.
Eighty-two percent of the victims learned of the theft through creditors or collection agencies, up from 76 percent a year ago. Only 10 percent found out through proactive measures, with 8 percent identifying something on their credit reports.
More disturbing, 62 percent of the respondents to the ITRC survey reported that thieves had committed crimes, such that warrants were issued in the victim's name.