Tag Archives: Data Breach

Identity Fraud Incidents Continue Upward Trend

One million more consumers became victims of identity fraud in 2012, and the dollar amount stolen rose to $21 billion –  the highest level since 2009.

The 2013 Identity Fraud Report by Javelin Strategy & Research found 12.6 million victims of identity fraud in the United States in the past year, which equates to 1 victim every 3 seconds.

The report also found that nearly 1 in 4 data breach letter recipients became a victim of identity fraud, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously, Javelin said.

Breaches involving social security numbers were the most damaging. The study found consumers who had their social security number compromised in a data breach were five times more likely to be a fraud victim than an average consumer.

The good news is that companies appear to be responding more quickly to incidence of fraud. The study found a consumer’s information is being misused for an average of 48 days in 2012, down from 55 days in 2011 and 95 days in 2010.

Misuse time was down for all types of fraud including fraud on cards, loans, bank accounts, mobile phone bills as well as other types.

Small businesses in particular  are losing out to fraud as victims become more selective where they shop after an incident. The study found that 15 percent of all fraud victims decided to change behaviors and avoid smaller online merchants after an incident.

Check out I.I.I. info on identity theft here.

Data Breach Shows Importance of Cyber Liability Insurance

The disclosure of a data breach at  payment  processor  Global Payments has left credit card giants Visa and Mastercard warning that some of the private data of their cardholders may have been exposed.

In a statement, Global Payments said it believes the affected portion of its processing system is confined to North America and less than 1.5 million card numbers may have been exported:

The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals. Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.†

The New York Times reports that  while far from the largest breach of credit card data in recent years, this latest incident underscores concerns about the vulnerability of electronic financial data.

Readers may remember the disclosure of a similar data breach at another credit card processor, Heartland Payment System back in 2009. That breach began in 2007 and exposed the data on 130 million credit cards. Heartland estimated breach-related expenses at $140 million, including fines, settlements and legal fees.

A benchmark study of 51 U.S. companies by the Ponemon Institute found that the average cost of a data breach increased to $7.2 million in 2010, up 7 percent from $6.8 million in 2009. The average breach cost companies $214 per compromised record up from $204 in 2009, it found.

Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, a majority of companies today still do not purchase cyber liability insurance. However, a recent I.I.I. paper indicates that this is changing.

It’s worth noting that ID theft remains the number one consumer complaint received by the Federal Trade Commission (FTC), accounting for 15 percent of all fraud complaints in 2011. Some 279,156 identity theft complaints were reported to the FTC in 2011, up 11 percent on the previous year.

Check out I.I.I. facts and statistics on identity theft and cyber security.

Data Breach Risk Still Top for Financial Services

Data breaches continue to occur within all types of organizations, some more than others, according to a just-released report from Verizon Business and the U.S. Secret Service.

The 2010 Verizon Data Breach Investigation Report found that financial services, hospitality and retail still comprise the “big three† of industries affected (33 percent, 23 percent and 15 percent respectively) by data breaches.

A growing percentage of cases and an astounding 94 percent of all compromised records in 2009 were attributable to financial services, the report revealed.

For companies trying to manage this risk, the good news is that the overall number of data breaches declined in 2009.

According to the report, some 143 million records were compromised in breaches investigated in 2009, a 50 percent drop from over 360 million compromised records in 2008.

As was the case in the previous year, most of the losses in 2009 came from only a few breaches. The average number of records lost per breach was 1,381,183, the median a scant 1,082, according to the report.

Payment card data was still the most commonly breached data type, but accounted for 54 percent of cases in 2009, down from 81 percent of cases in 2008. Personal information and bank account data were the second and third-most compromised data types.

The study also found that data breaches last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.

Organized criminal groups were responsible for 85 percent of all stolen data last year, the report said.

The findings underscore the potentially enormous liability facing businesses when a data breach occurs. Specialized cyber risk coverage is a key purchase to help businesses manage this risk.