The Identity Theft Resource Center (ITRC) has been tracking data breach statistics for more than six years, and as the organization has witnessed the number of incidents rise, several trends have also become apparent.
In a recent report given to InformationWeek in advance of its release, the ITRC announced that hackers are now responsible for more of the data breaches it tracks than any other source. The organization defines a hacking incident as one that is set off by “a targeted intrusion of a data network,” and these situations accounted for 26 percent of known or reported data breaches in 2011.
When counting all attacks carried out with malicious intent – perpetrated from both inside and outside the organization – these incidents accounted for 40 percent of all data breaches.
The loss of data in transit – stored on portable drives or laptops, etc. – was responsible for 18 percent of last year’s data breaches, while insider theft of information accounted for 13 percent.
Overall, there were 419 reported incidents in 2011, with a total of more than 22 million records exposed. Looking deeper, 62 percent of breaches involved Social Security numbers and 27 percent included payment card details, according to InformationWeek.
What’s most concerning, however, is that the actual number of incidents could be much higher. Data breach notification laws vary by state, which means that many may actually slip through the cracks and go unreported.
“Breaches have long been unreported, or underreported,” Karen Barney, ITRC’s program director, told InformationWeek. “Any efforts to accurately quantify the actual number of breaches, and resulting number of compromised records, are stymied in the absence of mandatory reporting on a national level.”
Already this year, the ITRC has tracked a total of 10 data breaches that have exposed more than 100,000 records as of January 17. However, the ITRC’s most updated information does not break down the incidents in terms of cause.
Several serious hacking incidents marred 2011 for many businesses, and the end of the year was no different. During the Christmas holiday weekend, cybercriminals who claimed to be associated with the infamous Anonymous hacking group broke into the network of global security intelligence firm Stratfor. The incident exposed the payment card and other sensitive information of millions of Stratfor clients and companies that have purchased its publications.
Recently, Stratfor CEO George Friedman acknowledged that the company had faced continuing cyberattacks throughout the month of December.