DATA BREACH DISCLOSURES FOR FIRST HALF OF 2008
During the first half of 2008, NCX Group listed 169 breach disclosures where significant identity theft was a factor. These disclosures, substantiated by news outlets, letters to state attorneys general, or notifications within specific business sectors or industries, remind us that data exposures can and do happen within all business and service areas. Each year, many studies are done to let us know what industries are taking the most “hits”, what made them vulnerable, and why. The following statistics will provide a basic overview of how data breaches are trending so far this year according to NCX.

In reviewing the information on our 2008 Reported Data Breaches website for the first six months, we conclude that educational institutions rank highest, accounting for 40% of the personal data breaches listed, followed by general business entities at 23%, healthcare and medical at 16%, government at 13%, and financial at 8%, probably because they are so regulated.

These percentages are no doubt skewed, though, because many breaches involve multiple businesses that have not been disclosed. Likewise, companies, medical facilities, and financial or educational institutions may be noted for a breach, yet the vendor they used, who was actually responsible, sometimes goes unnamed. As featured in our April newsletter, Contract Vendors Causing Many Breaches, these vendors and business partners are fast becoming the culprits of many of the breaches reported, and as more companies outsource human resource functions we will see this area continue to increase. So how the breach was disclosed and reported, and who is taking responsibility for it, will determine the results of the statistics.

ISSUE: July 2008


NCX Group describes the cause of a breach using the following terms. “Lost” and “Stolen” are defined in more detail on our disclosure web site, but for this purpose they are grouped as one.

TYPE OF BREACH

| Percent | Description |
|---|---|
| 47% | Lost or Stolen Devices/Laptops/Computers/Paperwork |
| 23% | Hacking – Unauthorized access |
| 15% | Web Exposure – Accessible web applications, security faults |
| 10% | Inadvertent Exposure – Employee error, accidental posting, printing errors, etc. |
| 9% | Improper Disposal – Illegal dumping or lack of due care when discarding documents |
| 6% | Dishonest Employee – Stealing information for profit, revenge |

TYPE OF BREACH BY INDUSTRY / SERVICE CATEGORY

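| Industry / Service Category | Lost/Stolen Devices | Hacking | Web Exposure | Inadvertent Exposure | Improper Disposal | Dishonest Employee |
|---|---|---|---|---|---|---|
| Education | 36% | 31% | 24% | 6% | 0% | 3% |
| Business | 56% | 25% | 3% | 3% | 13% | 0% |
| Financial | 31% | 46% | 0% | 0% | 15% | 8% |
| Government | 54% | 5% | 18% | 18% | 0% | 5% |
| Healthcare | 60% | 4% | 18% | 4% | 7% | 7% |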

Now that more than 44 states (five this year) have a state security notification law, we should see a higher reporting average going forward. Some states list civil penalties for not reporting a data breach so companies and CSOs should know the ramifications. These laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification. If you use the California law SB1386 as your guide, you should be covered for all the other states since California has the strictest guidelines. NCX Group is also able to help you put your guidelines in place.

To keep your company name off the identity theft reporting sites, develop a security program that meets your company objectives. The best place to start is finding out where your company is vulnerable and what changes are necessary to lower your risk. NCX Group can help you with web application testing, penetration tests, security reviews and business continuity plans. And if the time comes when you need computer forensic help, we can provide the expertise you need.

For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.


NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
888-448-5451
www.ncxgroup.com
Copyright ©2008 NCX Group, Inc. All rights reserved.