Data breaches suffered by private companies and public institutions increased by more than 40% year-on-year in 2012, with over 160 million people having their personal information compromised, according to a new study. The auditing company KPMG says there was a total of 835 separate incidences of data breaches this year and deliberate ‘hacking’ of companies accounted for 67% of the data loss. KPMG claims these figures depict a “shift” from the accidental loss of data to “deliberate theft”.
“Several of the world’s largest companies have been targeted over recent months by hackers who have grown in sophistication,” said a company rep. “It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon.”
KPMG says the biggest sector affected by data loss is media companies – both private and public – followed by bodies such as “clubs, unions and community centres” and then the retail sector. The biggest driver behind the data loss is the theft of “personally identifiable information” (46%), such as names and credit cards, followed by password theft (16%).
Obviously, KPMG has a vested interest in promoting such information as it performs risk audits, but it still begs the question – just how safe is our data? Every year we entrust more and more personal information into the hands of private and public entities and governments are increasingly gunning for large centralised databases.
However, there’s little debate in the media over the vulnerability of company and government security systems. Even after the spectacular data breaches carried out by the Lulsec group in 2011, the mainstream media debate remained focused on the criminality of the perpetrators, rather than the weak security of their targets. Are companies and institutions up to the task of providing us with adequate protection over the next few years? We’ll have to wait and see. In the meantime check out below for our top five worst security breaches of the year.
2012′s worst data breaches
Utah Department of Technology Services
In March 780,000 individuals had medical information stolen from the Utah Department of Technology Services. Names, medical diagnostic codes, addresses, social security numbers and other information was compromised. Officials believe the theft occurred somewhere in Eastern Europe.
Wisconsin Department of Revenue
In spring the Wisconsin Department of Revenue made public more than 100,000 social security numbers and tax IDs of US citizens. The embarrassing error occurred when an employee embedded the details in a real estate report, which was published on the department’s website. The information was public for 3 months before anyone realised.
Credit card processing company Global Payments admitted 1.5 million card numbers and other personal information was stolen in a security breach back in February. The Atlanta based company processes more than $120 billion in credit card transactions per year. Visa removed Global Payments from its list of processors following the breach.
South Carolina Department of Revenue
Over 3 million unencrypted bank account numbers, social security numbers, credit card details and tax returns were stolen from the South Carolina Department of Revenue in September. The department declined to say where the attack originated from.
LinkedIN and eHarmony
In an attack believed to carried out by the same individual, social network LinkedIn and dating site eHarmony had millions of account passwords stolen and published online this summer. LinkedIn’s hack was the more serious, with 6.4 million passwords accessed, while eHarmony confirmed that 1.5 million user passwords were pinched.