DATA BREACH REPORT SAYS BREACHES DOWN, INSIDER THREAT UP
The number of records compromised in major data breaches dropped sharply last year, according to a new study being issued today. But the causes of those breaches changed dramatically, shifting strongly toward insider attacks.
Those are just two of the conclusions revealed in the 2010 Verizon Data Breach Investigations. Click HERE for 2010 Verizon Data Breach report. The Verizon study that has been conducted annually by the forensics unit of Verizon Business, and this year combines Verizon’s data with breach data compiled by the U.S. Secret Service.
One of the most striking figures in the new study is that even after combining its own numbers with those of the Secret Service, Verizon recognized a drop in the number of records breached last year. After seeing more than 285 million records compromised in 2008 — 361 million records when combined with the Secret Service data — the combined entities saw breaches of only 143 million records in 2009.
“There’s some speculation that PCI compliance may be a factor in the drop,” says Bryan Sartin, director of investigative response at Verizon Business, “but there are a lot of factors to weigh here. Realistically, we won’t be able to say for sure what caused the drop-off until we’ve got a couple of years of data to look at.”
The investigators did notice a marked drop-off in breaches following the indictment of Albert Gonzalez — the cyber criminal credited with leading the hacks of TJX, Heartland Payment Systems, and others — in 2009, Sartin says. “For 30 to 45 days, the rate of new crimes slowed down,” he reports. “The number of incidents in Japan, which has historically been very quiet, rose to almost the same level as the U.S. There was a lot of shifting during that time period.”