Year of the Hack: Review of 2009 Data Breaches
Heartland Heads List of 62 Breaches Affecting Financial Institutions There were 62 data breaches involving financial institutions in 2009 - three of them occurring in the last month of the year.These breaches represent only a portion of the total of 498 incidents compiled in the 2009 Data Breach Report compiled by the Identity Theft Resource Center (ITRC), based in San Diego, CA. But the largest of them, the Heartland Payment Systems breach, involved an estimated 130 million credit and debit card numbers taken, accounting for more than half of the 222 million records potentially taken in 2009.
Insiders caused the largest number of data breaches within the financial services industry, says Jay Foley, executive director of the ITRC, and this threat will continue to be a problem for financial institutions in 2010, "The numbers come out almost every year, and they have said for the past eight or nine years that 70% of all hacking happens internal to the company," Foley says. "You need to know who is going where and what they are doing and why they are doing it. You need to set up established parameters for who gets to go into the data."
The breakdown of the types of the breaches shows these numbers:
- Insider Threat - 16;
- Missing Paper Documents -15;
- Skimming - 8;
- Stolen or Missing Hardware - 8;
- Outside Network Intrusions - 5;
- Unknown Cause - 4;
- Exposure of Data on Web - 4;
- Accidental breach - 2.
May was the month with the most breaches (10), followed by August with 9 and March with 8.
June was the month with the fewest recorded breaches - just one.
For details on each of the 2009 data breaches, please review the interactive timeline.