Wired - Although the number of data breaches investigated rose dramatically last year, the number of records actually compromised in those breaches dropped just as dramatically, according to a new report.
The number of records compromised in breaches dropped precipitously over the last two years from 361 million in 2008 to 144 million in 2009 down to just 3.8 million last year, according to the Verizon’s Data Breach Investigations Report (.pdf), released on Tuesday. The number of breaches in which these records were compromised, however, rose from just 141 in 2009 to 760 last year.
The numbers could be attributed to criminals changing tactics from attacking really large targets — such as the TJX retail business and Heartland Payment Systems, where millions of credit and debit card numbers were compromised in a single hack — to attacking a lot of really small targets, such as restaurants and hotels, where the amount of card numbers compromised is measured in thousands instead of millions. And instead of attacking backend servers, criminals are grabbing data before it gets to servers — at automated teller machines where customers type in their PINs or at point-of-sale systems where customers swipe their credit and debit cards to make purchases.
According to Verizon, the changes may be attributed in part to the high-profile arrests of three of the largest cybercrime players in the carding underground. Last year Albert Gonzalez, the convicted ringleader of the group that hacked TJX, Heartland and dozens of other companies, was sentenced to 20 years in prison. Read More
