Home / News

2010 Data Breach Report from Verizon, US Secret Service

A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

Key Findings of the 2010 Report include:

• Most data breaches investigated were caused by external sources. 69% of breaches resulted from these sources, while only 11% were linked to business partners. 49% were caused by insiders, which is an increase over previous report findings, primarily due in part to an expanded dataset and the types of cases studied by the Secret Service.

• Many breaches involved privilege misuse. 48% of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information. An additional 40% of breaches were the result of hacking, while 28% were due to social tactics and 14% to physical attacks.

• Commonalities continue across breaches. As in previous years, nearly all data was breached from servers and online applications. 85% of the breaches were not considered highly difficult, and 87% of victims had evidence of the breach in their log files, yet missed it.

• Meeting PCI-DSS compliance still critically important. 79% of victims subject to the PCI-DSS standard hadn’t achieved compliance prior to the breach.

The report also says the decline in the overall number of data breaches may be due to a number of factors, including “law enforcement’s effectiveness in capturing criminals.”

Related Links:
Full PDF copy of the “2010 Data Breach Investigations Report” / Press Release
Hacked Companies Hit by the Obvious in 2009 Brian Krebs, Jul.28.2010

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API