X

Verizon: Hacktivists stole 100 million+ records in 2011

Hacktivists emerge as a big threat in 2011, targeting large organizations and stealing more records than financially motivated criminals, report finds.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
This table shows how most of the external causes for data breaches (which is nearly all of them) are organized crime, but that hacktivists were behind theft of most of the individual records. Activists were more interested in larger organizations than smaller ones.
This table shows how most of the external causes for data breaches (which is nearly all of them) are organized crime, but that hacktivists were behind theft of most of the individual records. Hactivists were more interested in larger organizations than smaller ones. Verizon
Financially motivated criminals were behind most of last year's data breaches, but hacktivists stole almost twice as many records from organizations and government agencies, according to the Data Breach Investigations Report being released by Verizon today.

While more than 80 percent of the data breaches in 2011 were due to organized criminal activity, the number of records pilfered from activist groups represented 58 percent of the total, the report finds.

In particular, hacktivists targeted corporations and big agencies, and consumer data. Activist groups accounted for more than 22 percent of the data breaches targeting large organizations. Meanwhile, 95 percent of the records compromised last year included personal information about individuals, compared with only 1 percent the year before, Verizon said.

Financially motivated cyberthieves tend to do more breaches in total than hacktivists, but grab smaller amounts of data at a time and target smaller organizations that are low-hanging fruit, according to the report.

"This new trend contrasts sharply with the data breach pattern of the past several years in which most of the data was stolen by cybercriminals whose primary motivation is financial gain," said Wade Baker, Verizon's director of risk intelligence.

In total, there were 855 data breaches across 174 million stolen records, representing the second highest data loss Verizon researchers have seen since they began compiling data in 2004. More than 80 percent used hacking, nearly 70 percent incorporated malware, and only 7 percent used social tactics.

Related stories

A different study released this week found that for the first time data breach costs have decreased and fewer customers are abandoning companies that have been compromised.

The Ponemon Institute and Symantec released a report yesterday that found that the average total cost of a data breach last year dropped to $5.5 million from $7.2 million a year earlier. Per record, the cost dropped to $194. "It's not a huge difference, but it's not chump change either when you add up the records," said Larry Ponemon, chairman and founder of the Ponemon Institute.

Lost business costs from a breach declined 34 percent to $3 million, which includes abnormal turnover of customers, or churn, increased customer acquisition activities, reputation losses, and diminished goodwill. The average abnormal churn rate was down 18 percent. Meanwhile, malicious attacks represented 37 percent of all data breaches, negligent insiders caused 39 percent of the cases, and system glitches were attributed in 24 percent, according to Ponemon.

Not surprisingly, organizations that have a chief information security officer had lower costs for data breaches. "It is a signal that the organization has got its act together from a governance perspective and are more likely to be able to deal with a breach from a regulatory and controls standpoint," Ponemon said.