Verizon Business: PIN-based data breaches up

Verizon Business released its 2009 Data Breach Investigations Report today, and it offers what has become an all too familiar assessment of cybercrime: Crimes continue to multiple and evolve, and some companies still fail to fulfill even the most basic security measures that could help them avoid being victimized.

The report states that about 285 million electronic records were breached during 2008, a figure that shockingly tops the total number of records breached in the previous four years combined. Financial services firms have become the primary victims of these attacks, and cybercrimes increasingly have focused on customers' personal identification numbers. Wade Baker, research and intelligence principal for Verizon Business, said PINs are the hot items on the cybercrime black market.

He added that cybercrime events that leverage stolen PINs often results from the most basic of security lapses--easy availability of and access to passwords and other gating information that has somehow fallen through the cracks and into a criminal's hands, Baker said. Such lapses could be avoided with more attention by companies to managing password changes and de-activating old passwords. "Getting in the door [to commit a cybercrime] is usually just as easy as obtaining a lapsed user i.d. and password," Baker said. "If we could just get to a point where those kinds of simple attacks become too difficult, we could take a big chunk of cybercrime out of the game."

For more:
- Verizon has more info at its security blog
- Network World has this story

Related articles
A Verizon study last year suggested inside-job security attacks are uncommon
Verizon has said security strategies needed to be tailored to specific industries

Suggested Articles

Chris Young is leaving his role as CEO of cybersecurity firm McAfee to become a senior advisor with TPG Capital, which has a majority stake in McAfee.

CenturyLink wins a $1.6 billion contract with the U.S. Department of Interior to upgrade its network services and modernize its IT solutions.

Microsoft announced that it is committing to becoming carbon negative by 2030 and that it will eliminate all past carbon emissions by 2050.