Verizon study: data breaches quintupled in 2010

In 2010 the number of breaches skyrocketed to 760 from 141 the year before, according to the "2011 Verizon Data Breach Investigation Report"

Criminals carried out more but smaller data thefts last year than in previous years, indicating a shift toward simpler exploits that run lower risk of punishment, according to Verizon's latest data breach report.

In 2010 the number of breaches skyrocketed to 760 from 141 the year before, according to the "2011 Verizon Data Breach Investigation Report".  At the same time the number of actual records compromised by the breaches plummeted from 144 million in 2009 to 4 million in 2010.

TIPS: Verizon's 12-Step security program

On average, then, in 2009 the number of records stolen per breach was about 1.02 million. For 2010 that number was 5,263.

What's going on? The type of data being sought by criminals shifted from payment card numbers to intellectual property, information about business processes and deals being made between businesses, says David Ostertag, global investigations manager for Verizon.

"With intellectual property they may get one record but it will have a much higher value than one payment card record," Ostertag says.

In cases where payment card information was stolen, the number of records taken per breach was much less, indicating that criminals are trying to minimize the attention they draw, he says. "There's less chance of being caught because fewer resources are being applied to catch them," he says.

That may already be changing, though, with early results from 2011 indicating a surge in high-volume data breaches. The motivation may be that stockpiles of stolen card data have been depleted over the past year and more are needed to replenish them. "Supply and demand has a lot to do with it," he says. "The bad guys need a new supply."

HISTORY: Smartphone security follies

Also anecdotally, there seems to be a recent uptick in unauthorized peer-to-peer traffic on networks, Ostertag says, which could be criminals doing research and development on ways to send data out once it has been compromised.

"They're better at getting in, but not at exfiltrating the data," he says.

Threats from outside businesses has also jumped dramatically from 70% to 92%, which may be due to commoditized attack tools that are simpler to use and therefore used more often,  he says.

Hospitality, retail and financial services industries accounted for 87% of all the investigated data breaches.

Financial institutions in previous years accounted for 90% or more of compromised records, but that fell dramatically in 2010 to 35%. The reason is some breaches in past years that involved millions of records were from financial institutions. Also, criminals may be focusing more on other thefts than credit card numbers. These include theft of intellectual property, authentication data, and turning machines into bots to serve botnets, the report says.

One deceptive result is the 17% of attacks involving insiders. That is a drop from 48% in 2009, but the actual number of insider breaches remains about the same. So the threat to businesses from insiders has stayed relatively constant; it's just the total number of breaches that has dramatically increased to skew the percentage, says

Mobile devices have not been seen compromising systems, Ostertag says, but they have been used in compromising data.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitycybercrimelegaldata breachanti-malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?