Report: Data breaches, stolen data, organized crime rampant

Share this article:
A new report from Verizon Business Security Solutions shows that there is an escalating worldwide black market for stolen data. The document, called the “2008 Data Breach Investigations Report” spans four years and some 500 forensics investigations involving 230 million records.

Some of the findings in the report include:
  • Most data breaches came from external sources. But breaches attributed to insiders were much larger in scope than those caused by outsiders.
  • Most breaches resulted from a combination of events rather than a single action. And some form of error often directly or indirectly contributed to a compromise.
  • Most breaches go undetected for quite a while and many are only discovered by a third party rather than the victimized organization.
  • Keeping track of data is an extremely complex challenge – often victims were unaware they even had the data that was stolen.
Overall, the report maintains that data compromise is the easiest, safest and most lucrative way for lawbreakers to steal information necessary to commit identity fraud. But there is a new twist.

Bryan Sartin, director of investigative response at Verizon Business, told SCMagazineUS.com, “Instead of randomly targeting organizations, criminals are going after specific people. For example, if a criminal knows that a certain application is used at thousands of enterprises, and that it has security exposures, they will look for vendors who sell or support it.”

And then what happens? How do they exploit honest people? The answer, at least in cases where organized crime is involved, is that they don't. They look for individuals who are in financial straits, labor desperados, or other potential turncoats – typical organized crime exploitation tactics.

“Say an application call center is involved," Sartin said. "They will attempt to find a disgruntled employee and offer money for that person to identify potential enterprise targets."

The black market social network enables criminals to work with one another to find vulnerable systems, compromise data and commit large-scale identity fraud, the report claims. Within this social network, criminal conglomerates maintain access to hackers, fraudsters and other organized crime groups.

A complete copy of the report is available at: http://www.verizonbusiness.com/databreach.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.