Symantec Global Internet Security Threat Report

Although the education sector accounted for the largest percentage of data breaches in 2009, those breaches accounted for less than 1 percent of all identities exposed during the reporting period and ranked fourth (figure 4). This is similar to 2008, when a significant percentage of breaches affected the education sector but only accounted for 4 percent of all identities exposed that year. This is mainly attributed to the relatively small size of databases at educational institutions compared to those in the financial or government sectors. Each year, even the largest universities in the United States only account for students and faculty numbering in the tens of thousands, whereas financial and government institutions store information on millions of people.65 As such, data breaches in those sectors can result in much larger numbers of exposed identities.

In 2009, the health care sector ranked second, accounting for 15 percent of data breaches that could lead to identity theft. In 2008, this sector also accounted for 15 percent, but ranked third. This rise in rank is most likely due to the decreased percentage of breaches that could lead to identity theft in the government sector. The health care sector accounted for less than 1 percent of exposed identities in 2009—a decrease from 5 percent in 2008. Like the education sector, health care institutions store data for a relatively small number of patients and staff compared to some organizations in the financial and government sectors.

Additionally, health care organizations often store information that may be more sensitive than that stored by organizations in other sectors, and this may be a factor in the implementation of certain regulatory measures. For instance, as of 2010, greater responsibility for data breaches will be enforced for health care organizations in the United States because of regulations introduced by the Health Information Technology for Economic and Clinical Health Act (HITECH).66

The government sector accounted for 13 percent of breaches that could lead to identity theft in 2009 and ranked third. This is a decrease from 20 percent in 2008, when the government sector ranked second. Although the percentage of these breaches has decreased in recent years, they account for a larger percentage of exposed identities. In 2009, data breaches in the government sector exposed 35 percent of reported identity exposures, an increase from 17 percent in 2008.

The increase in percentage of identity exposures in the government sector is primarily due to a breach attributed to insecure policy from the National Archives and Records Administration in the United States.67 A faulty hard drive containing unencrypted personal information on 76 million military veterans was sent to a third-party electronics recycler without first removing the data. This was the largest ever exposure of personal information by the United States government. Earlier in 2009, another hard drive belonging to the National Archives and Records Administration was either lost or stolen; it is believed to have contained highly sensitive information about White House and Secret Service operating procedures, as well as data on more than 100,000 officials from the Clinton administration.68

The financial sector was subject to one of the most notable data breaches reported in 2009. This sector ranked fifth for breaches with 10 percent of the total, but accounted for the largest number of identities exposed with 60 percent. The majority of this percentage was the result of a successful hacking attack on a single credit card payment processor.69 The attackers gained access to the company’s payment processing network using an SQL-injection attack. They then installed malicious code designed to gather sensitive information from the network on the compromised computers, which also allowed them to easily access the network at their convenience. The attack resulted in the theft of approximately 130 million credit card

