Hackers grabbed more than 285M records in 2008

Apr 15, 2009 By JORDAN ROBERTSON , AP Technology Writer

(AP) -- Hackers made off with at least 285 million electronic records in 2008, more than in the four previous years combined, according to a new study that shows identity thieves are getting better at exploiting careless mistakes that leave companies vulnerable to attack.

The number comes from a study of 90 data breaches investigated by Inc., which is hired to do a post-mortem on most big computer intrusions.

No victims are identified in the report. Many of the breaches aren't even public. That can happen if law enforcement insists on secrecy because of an ongoing , or if personally identifiable information wasn't lost in the hack.

In many breaches, especially involving lost or stolen laptops, the records aren't used for anything at all.

Verizon's study looked only at breaches involving attacks that resulted in compromised records being used in a crime, like making counterfeit credit cards and buying homes and medical coverage under someone else's identity - and on their dime.

The company found that 90 percent of the breaches it investigated could have been avoided with basic security measures.

One of those is recognizing how valuable so-called "non-critical" computers are to hackers.

Peter Tippett, vice president of research and intelligence for Verizon's business security solutions division, says criminals aren't looking to crash through the front door with a brazen computer attack. Often they're content to feel around the edges and look for vulnerabilities that can get them in through the equivalent of a side window.

Even by tapping into computers of low-level employees who don't handle sensitive data, hackers can get a toehold for installing more that scans the network traffic and looks for vulnerabilities in other computers.

The study also found that data breaches are getting more severe because criminals are using sophisticated new programs that were custom-designed for particular attacks and weren't known to the security community or law enforcement.

Verizon says 93 percent of all compromised records in its study came from the financial sector.

---

On the Net:

Verizon's report available at:

http://www.verizonbusiness.com

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Tweet much to gain popularity is an inefficient strategy

add to favorites email to friend print save as pdf

Related Stories

Is danger of identity theft overblown?

May 23, 2006

The announcement yesterday about the loss of personal electronic data on up to 26.5 million veterans is the latest in a string of similar reports about information security breaches at major institutions in the last two year ...

Breaches emphasize need for scanning, encryption

Mar 17, 2009

Recent news reports indicate a computer containing confidential information about the helicopter that transports President Barack Obama was breached by a computer in Iran. In January, Heartland Payment Systems, a company ...

Networking: Human error largely to blame

Apr 17, 2006

What's the most grave IT security threat today? Hackers? Overly complicated corporate networks? None of the above, experts are telling United Press International's Networking column. Good, old-fashioned human error -- not ...

Recommended for you

Tweet much to gain popularity is an inefficient strategy

12 hours ago

The imbalanced structure of Twitter, where some users have many followers and the large majority barely has several dozen followers, means that messages from the more influential have much more impact. Less ...

Five ways to fight online abuse with good manners

13 hours ago

Online and social media's capacity to enable anyone to communicate their ideas and views is much celebrated. So why do so many people feel nervous about getting involved with online debate?

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.