[Simon Williams] Following on from the piece about Dispatches, I have some more data to add to the discussion. We (ID Analytics) have carried out a detailed analysis of security breaches in the US by comparing 500,000 consumer identities that were revealed in breaches and comparing them with the more than 500 million risk events stored in our network.

Technorati Tags: ,

We found that less than 1 in 1000 of the breached identities were found in subsequent risk events (a fraudlent credit card application, for example). The distribution was very skewed though.  Customer identities uncovered by large scale (and presumed to be untargeted) breaches were rarely used in the risk event, but customer identities uncovered by small scale (and presumed to be targetted) breaches were much more likely to be found in risk events. You can see why, becuase if your name and details are on a stolen laptop
somewhere, you’re probably safe.  But if a thief steals your post, they may well use it.
The person who steals your identity might not be a thief or a call centre worker. Data stolen by friends and family is generally called “familiar” or “family fraud”. It seems like it would be considered data breach, but historically it has not been and so does not show up in statistics. But a colleague of mine pointed out that social networking sites like MySpace and
FaceBook might actually create additional “familiar fraud” because social networks extend and publicise your family and friends network, which is an interesting point to reflect on.
Anyway, the main point I wanted to share from our researches are: data breaches are bad, but they are all very different.  The risk to a specific consumer depends on 1) what was taken, 2) how it was taken, and 3) how much data was taken.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: