Defense in Depth

June 11, 2008 5:46 AM PDT

Reports examine causes, victims of data breaches

by Robert Vamosi
  • 3 comments

On Wednesday, Verizon Business released a four-year study concluding that 9 out of 10 corporate data breaches could have been prevented, had appropriate security measures been taken. The Verizon report includes the results of more than 500 forensic investigations, including three of the largest data breaches ever reported.

Meanwhile, the Identity Theft Resource Center released its 2007 report on identity theft, offering comparisons to data it's collected over the last five years.

Verizon found that 73 percent of the data breaches were the result of outside sources, with only 18 percent from insider threats. Of the outside sources, 39 percent were attributed to business partners. Third parties, not victimized organizations, discovered 75 percent of the breaches.

Attack methods vary around the world, Verizon found. Attacks from Asia, particularly China and Vietnam, often involve application exploits. Attacks from the Middle East involve site defacements. And attacks from Eastern Europe and Russia involve point-of-sale compromises.

The ITRC report looks at the other side: the impact of identity fraud on its victims. In 2007, 57 percent of stolen information was used to open a new line of credit, while 13 percent was used to order cable and/or other utility services.

Eighty-two percent of the victims learned of the theft through creditors or collection agencies, up from 76 percent a year ago. Only 10 percent found out through proactive measures, with 8 percent identifying something on their credit reports.

More disturbing, 62 percent of the respondents to the ITRC survey reported that thieves had committed crimes that led to warrants being issued in the victim's name.

March 13, 2008 9:17 AM PDT

Harvard student database hacked, posted on BitTorrent

by Robert Vamosi
  • 11 comments

Harvard says about 10,000 of last year's applicants may have had their personal information compromised. At least 6,600 Social Security numbers were exposed. Worse, a compressed 125 M-byte file containing the stolen student data is currently available via BitTorrent, a peer-to-peer network.

In a statement published Monday night, Harvard officials said that the database containing summaries of GSAS applicant data for entry to the Fall 2007 academic year, summaries of GSAS housing applicant data for the 2007-08 and 2006-07 academic years, and administrator information had been compromised. The server had been taken offline for several days last month to investigate the extent of the problem.

Most troubling are the 6,600 summaries from admissions candidates from the United States that were copied. Harvard officials said the data includes the applicant's name, Social Security number, date of birth, address, e-mail address, phone numbers, test scores, previous school attended, and school records.

A BitTorrent file containing the stolen data includes a note that reads in part "maybe you don't like it but this is to demonstrate that persons like tgatton(admin of the server) in they don't know how to secure a website." The BitTorrent file consists of a server backup of the GSAS site with a full directory structure and three databases: joomla.sql, the main database; contacts.sql, which is a database of contacts; and hgs.sql, a miscellaneous file.

Harvard University has informed the affected students, and apologized for the error. The university said it would provide identity theft recovery services from Kroll Inc. to those who might potentially be affected.

January 11, 2008 2:44 PM PST

EDS to pay for printing social security numbers

by Robert Vamosi
  • 2 comments

Last week, up to 260,000 Medicaid, BadgerCare and SeniorCare participants in Wisconsin received a brochure that had something extra on the address label--their Social Security numbers. As a consequence, the company responsible for the mailing, Electronic Data Systems (EDS), says it will offer those affected free identity theft insurance and credit monitoring with all three credit bureaus for one year. EDS says the monitoring plus the cost of resending the brochure will cost the company nearly $1 million.

A letter detailing the insurance and monitoring programs will be sent out next week. Affected customers will have 90 days to sign up for the protection.

An article by the Associated Press states, "the mistake was the result of human error. It occurred when data fields were merged to create the address label for the mailing done on behalf of the state Department of Children and Family Services to provide information about the state's new BadgerCare Plus program."

EDS has a $32 million contract with the state of Wisconsin. Over the last 30 years, the company has had a flawless track record with Medicaid-related services in the state.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
