ID Analytics Analysis of 70 Data Breaches in 2005 Shows the Largest Volume Occurred in Education Sector

09 Feb, 2006, 00:00 ET from ID Analytics, Inc.

    SAN DIEGO, Feb. 9 /PRNewswire/ -- ID Analytics, Inc., the Identity Risk
 Management company, today announced findings from its analysis of
 publicly-available information on 70 data breaches that occurred in 2005.  The
 company also announced that a white paper detailing its analysis of four
 actual data breaches is now available.  Announced in December, the detailed
 analysis showed that few of the breached identities appeared to be misused for
 criminal financial gain.
 
     In the recent analysis of public information on 70 breaches, the most
 interesting findings included:
 
     *  The largest volume of data breach incidents occurred in the education
        sector (46 percent)
 
     *  Fifty-seven percent of the identities breached were in the financial
        services sector
 
     *  Almost 70 percent of the breached occurrences were because someone
        targeted the organization through hacking or some other method to steal
        information about consumers
 
     *  Of the publicly-reported data breaches during the study period,
        77 percent were "identity-level," meaning personal identifiers such as
        names and Social Security numbers were breached
 
     *  The majority of the identity-level breaches, 38 out of 54, were
        intentional, meaning the breach appeared to be the result of a
        deliberate theft of identity information from an electronic database
 
     "This high proportion of identity-level breaches suggests that criminals
 know exactly what they are targeting since identity-level information is most
 profitable for committing identity theft," said Mike Cook, ID Analytics'
 co-founder and vice president of product.  "Based on the analysis, we believe
 that fraudsters determined to steal identity information to perpetrate their
 crimes are systematic and deliberate in their attempts."
     However, not all of the breaches in the study were intentional.  For the
 purposes of the analysis, ID Analytics excluded the June 2005 breach of
 40 million account numbers from CardSystems due to its large size.  Excluding
 this breach, more than half (58 percent) of the breached identities in the
 study were actually lost, seemingly through human error, rather than because
 someone targeted the organization to steal the information.
     As part of this study, ID Analytics also analyzed the potential costs of
 these data breaches by estimating such losses as operational costs, consumer
 notification, card re-issuance, credit monitoring services and anticipated
 fraud losses.  The analysis showed that during the period of the study
 approximately $210 million were lost by the affected organizations as a result
 of these breaches.
     "Breaches differ, and the risk to consumers and organizations varies
 considerably based on the type and scope of the data breach," said Bruce
 Hansen, chairman and CEO of ID Analytics.  "What's really most important for
 both consumers and breached businesses is assessing the degree of risk for a
 given breach in order to determine the best next steps to protecting
 consumers, protecting the organization, and stemming financial and
 reputational losses."
 
     National Data Breach Analysis White Paper Now Available
     ID Analytics also announced that its National Data Breach Analysis report
 is now available.  This 36-page paper examines actual data breach files from
 four separate incidents representing approximately 500,000 breached consumer
 identities, providing a first-hand glimpse of how real fraudsters are actually
 using, or not using, breached data to commit fraud.  As announced previously,
 the results reveal that few of the breached identities from the analysis
 appear to be misused for criminal financial gain.  The paper also discusses
 how patent-pending technology can help organizations detect data breaches
 sooner, determine the best next steps following a breach, and ultimately limit
 the harm caused by criminal abuse of breached consumer data.  To request a
 copy of the paper or find out more about ID Analytics Breach Analysis
 Services, email marketing@idanalytics.com.
 
     About ID Analytics, Inc.
     ID Analytics is the Identity Risk Management company providing advanced
 analytic solutions that prevent identity fraud and manage identity risk across
 the customer lifecycle.  ID Analytics' intelligent ID Network, the first and
 only real-time national network built exclusively to manage identity risk,
 makes it possible for organizations to calculate the risk associated with an
 identity and balance identity risk against profit.  The ID Network is in use
 daily by over half the credit and retail card issuer market in the US, as well
 as leading wireless and online consumer finance companies.  To empower
 consumers and to help more organizations in more industries to fight identity
 fraud, ID Analytics has channel partners in the bankcard, credit reporting and
 retail banking industries.  ID Analytics, host of Identity 2006, the annual
 Identity Risk Management Conference Sept. 18-21, is based in San Diego with
 offices throughout North America and the UK.
 
     ID Analytics, ID Score and GTAD are registered trademarks of ID Analytics,
 Inc.  ID Network is a trademark of ID Analytics, Inc.
 
 

SOURCE ID Analytics, Inc.
    SAN DIEGO, Feb. 9 /PRNewswire/ -- ID Analytics, Inc., the Identity Risk
 Management company, today announced findings from its analysis of
 publicly-available information on 70 data breaches that occurred in 2005.  The
 company also announced that a white paper detailing its analysis of four
 actual data breaches is now available.  Announced in December, the detailed
 analysis showed that few of the breached identities appeared to be misused for
 criminal financial gain.
 
     In the recent analysis of public information on 70 breaches, the most
 interesting findings included:
 
     *  The largest volume of data breach incidents occurred in the education
        sector (46 percent)
 
     *  Fifty-seven percent of the identities breached were in the financial
        services sector
 
     *  Almost 70 percent of the breached occurrences were because someone
        targeted the organization through hacking or some other method to steal
        information about consumers
 
     *  Of the publicly-reported data breaches during the study period,
        77 percent were "identity-level," meaning personal identifiers such as
        names and Social Security numbers were breached
 
     *  The majority of the identity-level breaches, 38 out of 54, were
        intentional, meaning the breach appeared to be the result of a
        deliberate theft of identity information from an electronic database
 
     "This high proportion of identity-level breaches suggests that criminals
 know exactly what they are targeting since identity-level information is most
 profitable for committing identity theft," said Mike Cook, ID Analytics'
 co-founder and vice president of product.  "Based on the analysis, we believe
 that fraudsters determined to steal identity information to perpetrate their
 crimes are systematic and deliberate in their attempts."
     However, not all of the breaches in the study were intentional.  For the
 purposes of the analysis, ID Analytics excluded the June 2005 breach of
 40 million account numbers from CardSystems due to its large size.  Excluding
 this breach, more than half (58 percent) of the breached identities in the
 study were actually lost, seemingly through human error, rather than because
 someone targeted the organization to steal the information.
     As part of this study, ID Analytics also analyzed the potential costs of
 these data breaches by estimating such losses as operational costs, consumer
 notification, card re-issuance, credit monitoring services and anticipated
 fraud losses.  The analysis showed that during the period of the study
 approximately $210 million were lost by the affected organizations as a result
 of these breaches.
     "Breaches differ, and the risk to consumers and organizations varies
 considerably based on the type and scope of the data breach," said Bruce
 Hansen, chairman and CEO of ID Analytics.  "What's really most important for
 both consumers and breached businesses is assessing the degree of risk for a
 given breach in order to determine the best next steps to protecting
 consumers, protecting the organization, and stemming financial and
 reputational losses."
 
     National Data Breach Analysis White Paper Now Available
     ID Analytics also announced that its National Data Breach Analysis report
 is now available.  This 36-page paper examines actual data breach files from
 four separate incidents representing approximately 500,000 breached consumer
 identities, providing a first-hand glimpse of how real fraudsters are actually
 using, or not using, breached data to commit fraud.  As announced previously,
 the results reveal that few of the breached identities from the analysis
 appear to be misused for criminal financial gain.  The paper also discusses
 how patent-pending technology can help organizations detect data breaches
 sooner, determine the best next steps following a breach, and ultimately limit
 the harm caused by criminal abuse of breached consumer data.  To request a
 copy of the paper or find out more about ID Analytics Breach Analysis
 Services, email marketing@idanalytics.com.
 
     About ID Analytics, Inc.
     ID Analytics is the Identity Risk Management company providing advanced
 analytic solutions that prevent identity fraud and manage identity risk across
 the customer lifecycle.  ID Analytics' intelligent ID Network, the first and
 only real-time national network built exclusively to manage identity risk,
 makes it possible for organizations to calculate the risk associated with an
 identity and balance identity risk against profit.  The ID Network is in use
 daily by over half the credit and retail card issuer market in the US, as well
 as leading wireless and online consumer finance companies.  To empower
 consumers and to help more organizations in more industries to fight identity
 fraud, ID Analytics has channel partners in the bankcard, credit reporting and
 retail banking industries.  ID Analytics, host of Identity 2006, the annual
 Identity Risk Management Conference Sept. 18-21, is based in San Diego with
 offices throughout North America and the UK.
 
     ID Analytics, ID Score and GTAD are registered trademarks of ID Analytics,
 Inc.  ID Network is a trademark of ID Analytics, Inc.
 
 SOURCE  ID Analytics, Inc.