If you’re thinking “What is the population of the United States near the turn of the millennium?” your collection of trivial knowledge is truly impressive and I wouldn’t want to oppose you in Final Jeopardy. In this case, however, you’d have the wrong answer…er, question. The question we’re looking for here is “How many records were compromised among breaches investigated by Verizon Business in 2008?”.

Yes, you read that correctly. I’m as flabbergasted as you are. We knew the number was big when we recently started combing through last year’s statistics in preparation for the upcoming 2009 Data Breach Investigations Report (DBIR), but I don’t think we quite knew it was THAT big. To put this number in perspective, that means 9 records were compromised for every second that ticked by in 2008 – and that’s just among the cases Verizon Business investigated! To put that in further perspective, you may remember that in the 2008 DBIR we reported a figure of 230 million records from cases we worked between 2004 and 2007.

What happened? We’re currently up to our data-loving eyeballs trying to put together an answer to that question. We will have it to you on April 15 in the form of the 2009 Data Breach Investigations Report…so stay tuned.

By Wade Baker

Today, we released a supplement to our 2008 Data Breach Investigations Report (DBIR) that focuses on four major industry groups. As many of you know, the original document compiled four years of data from over 500 cases worked by our Investigative Response team and was intended to be a kind of “state of the union” look at recent security breach and data compromise trends.

(more…)

By Wade Baker

Our 2008 Data Breach Investigations Report presents statistics on the percentage of breaches involving outsiders, insiders and partners (73%, 18%, and 39% respectively). Public reaction to these statistics runs the gamut from revulsion to revelry. This is especially true with respect to the relatively low percentage of breaches tied to insiders. Some seem to think we’ve blasphemed the sacred doctrines of our trade handed down from on high long ago. Others are glad to see their oft-ridiculed beliefs finally vindicated by objective data. Many in the middle are cautious about drawing conclusions, and are unsure what to make of the statistics.

Which reaction is appropriate? We won’t weigh in on that question; we’ll stick to providing data rather than dictating the reactions of others. We would, however, like to address the underlying questions fueling such reactions – whether these statistics are bogus, biased or believable.
(more…)