By Woody Leonhard
Every year, the highly respected Verizon Business RISK data crime–investigation team publishes an analysis of major online data thefts it’s been asked to study.
This year, a first-ever joint report by VBR and the U.S. Secret Service presents a fascinating view into the state of the data-stealing art, with many surprising facts that should interest all consumers.
Throughout 2009, according to the 2010 Data Breach Investigation Report (PDF), Verizon investigated 57 “confirmed breaches” that included data theft. The Secret Service investigated 84 similar cases. That’s 141 verified cases covering a total of 143 million data records owned by organizations around the world. Verizon’s efforts led to arrests in 15% of its cases; the Secret Service’s rate was a more-impressive 66%.
As you might imagine, many of the victimized companies don’t want their identities to be known. The report states, “… about two-thirds of the breaches covered herein have either not yet been disclosed or never will be.” Nevertheless, this aggregate report is still important: it gives an excellent overview of security problems that could affect you, the consumer.
Who’s stealing sensitive data? Surprise!
I always assumed that most people involved in stealing sensitive data from organizations — bank records, credit-card numbers, personal information — were rogues acting alone, selling their booty via clandestine channels to the highest bidder.