Posted by: Arian Eigen Heald
Data Breaches, employee theft, Identity theft, information security
I was reading through the list of 2009 reported data breaches/identity theft/etc. over on Identitytheft.Info and pondering the patterns that might be visible with a little help from sorting/filtering in Excel.
Part of the problem is that there is no one complete source for gaining hard numbers on medical identity theft, identity theft, data breaches, lost, stolen, etc. Every tracking organization orders their data differently. But just for grins, let’s take this one web page cited above as a source for analysis, and drop it into a spreadsheet.
Between January 2009 and August 18, there is a total of 237 incidents. Without any further analysis, say of the numbers of people/records exposed, we can draw some interesting conclusions:
58 of those incidents involved theft by owners or employees (about one quarter)
52 happened due to hacked networks, servers or PCs
44 happened due to lost, missing or stolen computer equipment containing PII or CC#
32 were due to paper documents in trash (looked in YOUR dumpster lately?)
21 were due to Web or email exposure – i.e., poor custodian security practices
10 were due to Skimming via CC # or ATMs (including some employee & owners)
There were about 20 that defied this simplistic categorization – my favorite was “patient records left on train.”
The first group (58) interested me greatly; it shows the impact (IMHO) of our economy, and, perhaps, the growing awareness on a public level that credit card numbers and personal data are now worth stealing.
The second one I find fundamentally clueless, because there are excellent whole disk encryption products that are FREE.
I was tempted to combine 52 and 21, but refrained simply because there are zero-day exploits out there.
The most appalling are, of course, the data dumpster droppers. The good news is that there are now data dumpster dropper divers. (Sorry, I couldn’t help it.) At least somebody is looking in dumpsters for this kind of information now. That’s a Good Thing. Anyone who puts that kind of information in the trash should be handcuffed to a shredder, don’t you think?