GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Hiring trends to watch in 2011

News

Industry Update

UBC first to deliver free POS system

Is the S1-PayPal partnership cause for ISO concern?

TSYS adds acquiring heft with full ownership of FNMS

PRC reports data breaches increase in 2010

Selling Prepaid

Prepaid in brief

Under the hood of hybrid cards

David Parker
Polymath Consulting Ltd.

Is 2011 the year of the health care card

Views

Dodd-Frank repeal unlikely, interchange changes possible

Patti Murphy
The Takoma Group

The impact of card brands' for-profit, public status

Daniel Federgreen
Analyst

Education

Street SmartsSM:
Will leasing make a comeback? - Part 2

Ken Musante
Eureka Payments LLC

Fraud: What to expect in 2011

Nicholas Cucci
Network Merchants Inc.

Experts weigh in on social media marketing - Part 2

Bill Pirtle
MPCT Publishing Co.

ISO legal setup steps

Adam Atlas
Attorney at Law

Surprising growth in global e-commerce

Caroline Hometh
RocketPay LLC

Company Profile

Clairvest Group

New Products

Payments on the fly

wCharge
Transaction Wireless

Inspiration

Navigating with grace through the electronic world

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

January 24, 2011  •  Issue 11:01:02

previous next

PRC reports data breaches increase in 2010

Statistics from the Privacy Rights Clearinghouse, a nonprofit consumer organization, reveal a total of 181 data breaches were made public in 2010 by financial services, insurance and retail businesses, with approximately 6.4 million records compromised as a result.

The number of reported breaches within these sectors grew from 37 in 2009 to 181 in 2010, although the number of records affected was much higher in 2009 (135.1 million) than in 2010, largely due to the massive data breach reported by Heartland Payment Systems Inc. in 2009.

Of the 181 breaches reported in 2010, 95 were experienced by financial and insurance businesses, affecting a total of 6.3 million records, while the 86 breaches suffered by retail merchants involved only about 58,264 records.

Causes of breaches

In addition to industry classifications, PRC categorizes the breaches according to the cause of data loss, including unintended disclosure, theft by insiders, hacking or malware, payment card fraud, physical loss of equipment, and others.

Compromising the greatest number of records (3.8 million) were 23 breaches stemming from lost, discarded or stolen portable devices (including laptops, personal digital assistants, smart phones, portable memory devices or storage media). For 2010, PRC figures also disclosed 43 hacking and malware attacks affecting 249,320 records and 12 reported cases of payment card fraud impacting 25,244 records.

The data accumulated by PRC does not necessarily reflect the actual scope of the problem. Not every state requires reporting of breaches (although the majority do). In many cases, the data reported is incomplete or is difficult to quantify because the exposure is ongoing. In addition, a single massive loss of data can skew the overall statistics significantly, making spotting trends difficult from one year to the next.

Shifting targets

"We still have structural problems in the industry where reporting is often voluntary, or even if it's not optional, it's sometimes not performed," Tim Cranny, Chief Executive Officer of Panoptic Security Inc., pointed out. "The people trying to put these statistics together and look at trends are looking at blurry information with a lot of the good stuff missing, and only partial visibility and partial insight. So it's dangerous to try and do a simplistic, year-to-year comparison."

Two trends Cranny has observed, based on his tenure in the industry, are the increasing sophistication of hacker attacks and the increase in number of attacks on smaller businesses. The hackers "started off focusing on big players first, and then, as the security industry matures, many of those bigger players are doing a better job of protecting themselves and protecting consumers," he said. "What that means is that there are fewer whales to hunt, but that doesn't mean the bad guys just give up." Smaller merchants are increasingly becoming targets because of their vulnerability, Cranny noted. "The smaller players are often less security conscious, and they don't have the same tools and resources," he said.

"So they are falling behind in terms of their ability to protect themselves. What that means is that there is a trend emerging where the bad guys aren't necessarily trying to get a million records in one fell swoop. They might do that, but they also might try a thousand different places and try to get just a thousand records from each."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems