Hackers made off with more than 285 million records in 2008

Published 15 April 2009

Hackers managed to steal 285 million private records in 2008; 93 percent of all compromised records in Verizon’s study came from the financial sector

Hackers made off with at least 285 million electronic records in 2008, more than in the four previous years combined, according to a new study that shows identity thieves are getting better at exploiting careless mistakes that leave companies vulnerable to attack. Networkworld’s Brad Reed writes that the number comes from a study of 90 data breaches investigated by Verizon Communications, which was hired to do a post-mortem on most big computer intrusions. No victims are identified in the report, and many of the breaches are not even public. That can happen if law enforcement insists on secrecy because of an ongoing criminal investigation, or if personally identifiable information wasn’t lost in the hack. In many breaches, especially involving lost or stolen laptops, the records aren’t used for anything at all.

Verizon’s study looked only at breaches involving attacks that resulted in compromised records being used in a crime, like making counterfeit credit cards and buying homes and medical coverage under someone else’s identity — and on their dime. The company found that 90 percent of the breaches it investigated could have been avoided with basic security measures. One of those is recognizing how valuable so-called “non-critical” computers are to hackers.

Peter Tippett, vice president of research and intelligence for Verizon’s business security solutions division, says criminals are not looking to crash through the front door with a brazen computer attack. Often they are content to feel around the edges and look for vulnerabilities that can get them in through the equivalent of a side window.

Even by tapping into computers of low-level employees who don’t handle sensitive data, hackers can get a toehold for installing more malicious software that scans the network traffic and looks for vulnerabilities in other computers.

The study also found that data breaches are getting more severe because criminals are using sophisticated new programs that were custom-designed for particular attacks and weren’t known to the security community or law enforcement.

Verizon says 93 percent of all compromised records in its study came from the financial sector.