ID Analytics Analysis of 70 Data Breaches in 2005 Shows the Largest Volume Occurred in Education Sector

ID Analytics, Inc., the Identity Risk Management company, today announced findings from its analysis of publicly-available information on 70 data breaches that occurred in 2005. The company also announced that a white paper detailing its analysis of four actual data breaches is now available. Announced in December, the detailed analysis showed that few of the breached identities appeared to be misused for criminal financial gain.

In the recent analysis of public information on 70 breaches, the most interesting findings included:

• The largest volume of data breach incidents occurred in the education sector (46 percent)

• Fifty-seven percent of the identities breached were in the financial services sector

• Almost 70 percent of the breached occurrences were because someone targeted the organization through hacking or some other method to steal information about consumers

• Of the publicly-reported data breaches during the study period, 77 percent were “identity-level,” meaning personal identifiers such as names and Social Security numbers were breached

• The majority of the identity-level breaches, 38 out of 54, were intentional, meaning the breach appeared to be the result of a deliberate theft of identity information from an electronic database

“This high proportion of identity-level breaches suggests that criminals know exactly what they are targeting since identity-level information is most profitable for committing identity theft,” said Mike Cook, ID Analytics’ co-founder and vice president of product. “Based on the analysis, we believe that fraudsters determined to steal identity information to perpetrate their crimes are systematic and deliberate in their attempts.”

However, not all of the breaches in the study were intentional. For the purposes of the analysis, ID Analytics excluded the June 2005 breach of 40 million account numbers from CardSystems due to its large size. Excluding this breach, more than half (58 percent) of the breached identities in the study were actually lost, seemingly through human error, rather than because someone targeted the organization to steal the information.

As part of this study, ID Analytics also analyzed the potential costs of these data breaches by estimating such losses as operational costs, consumer notification, card re-issuance, credit monitoring services and anticipated fraud losses. The analysis showed that during the period of the study approximately $210 million were lost by the affected organizations as a result of these breaches.

“Breaches differ, and the risk to consumers and organizations varies considerably based on the type and scope of the data breach,” said Bruce Hansen, chairman and CEO of ID Analytics. “What’s really most important for both consumers and breached businesses is assessing the degree of risk for a given breach in order to determine the best next steps to protecting consumers, protecting the organization, and stemming financial and reputational losses.”

National Data Breach Analysis White Paper Now Available
ID Analytics also announced that its National Data Breach Analysis report is now available. This 36-page paper examines actual data breach files from four separate incidents representing approximately 500,000 breached consumer identities, providing a first-hand glimpse of how real fraudsters are actually using, or not using, breached data to commit fraud. As announced previously, the results reveal that few of the breached identities from the analysis appear to be misused for criminal financial gain. The paper also discusses how patent-pending technology can help organizations detect data breaches sooner, determine the best next steps following a breach, and ultimately limit the harm caused by criminal abuse of breached consumer data. To request a copy of the paper or find out more about ID Analytics Breach Analysis Services, email marketing@idanalytics.com.