Thursday, February 12, 2015

Data breaches

(courtesy WSJ)

Data breaches increased 49% with almost 1 billion data records compromised in 1,500 attacks in 2014 – a 78% increase in the number of data records either lost or stolen in 2013, a new report by digital security firm
Gemalto saGTO.AE +2.92%id. The Netherlands-based firm said about 575 million records were compromised in 2013. theft was by far the largest type of attack, with 54% of the breaches involving the theft of personal data, up from 23% in 2013.
Data records are defined as personally identifiable information such as email addresses, names, passwords, banking details, health information, and social security numbers.
Gemalto said that less than 4% of the total number of data breach incidents involved data that was encrypted in part or in full, meaning both that encrypted data is more secure, but also that many companies and organizations are still not encrypting their users’ data.
US health insurer Anthem, for example, stored the Social Security numbers of 80 million customers without encrypting them, the result of what a person familiar with the matter described as a difficult balancing act between protecting the information and making it useful. Anthem discovered last week that hackers had broken into the database and made off with information on tens of millions of consumers, likely making it the largest computer breach disclosed by a health-care company.
In Europe, the U.K. had the most data breaches by far, with 117 breaches, followed by France with 9 and Germany with 8 breaches. The U.K. came 2nd for the most data breaches worldwide, behind the US in first place. Around 76% of all data breach incidents in 2014 took place in the US.
The retail industry suffered the most breaches, and saw its share in data breaches increased from 29% in 2013, to 55% in 2014. There was an increase in the number of attacks on point-of-sale systems. Government agencies and other public sector organizations experienced 17% of the total number of attacks, involving some 50 million data records.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” said Jason Hart, vice president of cloud services, identity and data protection at Gemalto.
The report comes on the heels of an attack on the sites of the Dutch government this week. The government said the disruption to many of its sites was the result of a distributed denial of service attack, and was being investigated by the National Cyber Security Center.
The White House on Tuesday said it would create a new office to sort through intelligence data about cyberthreats, integrating information from various agencies like the NSA and CIA then distributing it more broadly.