Private data increasingly appears to be at risk. If a laptop loaded with credit card data isn't being stolen, a hacker is breaking into a computer network. More and more, it's a case of the latter.
A survey by the Identity Theft Resource Center found that hacking accounted for the largest number of breaches in 2011 year-to-date. Almost 37 percent of data breaches between January 1st and April 5th were due to malicious attacks on computer systems.
Double the targeted attacks
This is more than double the amount of targeted attacks reflected in the 2010 ITRC Breach List.
The numbers do not include the recent hackings of huge quantities of email addresses from companies. Email addresses alone do not pose a direct threat as long as consumers realize that they are more susceptible to phishing scams, according to ITRC.
Paralleling the ITRC breach report finding is the recently released Symantec Internet Security Threat Report, disclosing that over 286 million new threats were identified during 2010. Additionally, the Symantec report said they witnessed more frequent and sophisticated targeted attacks in 2010.
Also, a new survey by McAfee found that the most significant
threat to businesses was data leaked accidentally or intentionally
by employees. The latter category is considered a malicious
“At first it may be difficult to know if a hacking was perpetrated by an insider or outsider,” said Linda Foley, founder of the ITRC and data breach report manager. “ITRC does not have access to the Secret Service’s forensic information has so we can only report on situations when information is released. As of April 5, 11.6 percent of 2011 breaches with known forms of leakage were insider theft. When these events are added to known hacking attacks, ITRC’s breach database report indicates that 48.2 percent of published breaches are some form of targeted attack.”
The conclusion, says ITRC, is that the hackers are winning. Not only are hackers winning, but so are the thieves who steal unattended laptops and dig into dumpsters behind companies for paper data.
While businesses are often the targets of these attacks, it's usually consumers who suffer. If sensitive data is used to steal identities, it can take the victims months to correct the damage.