Verizon Business: PIN-based data breaches up

Verizon Business released its 2009 Data Breach Investigations Report today, and it offers what has become an all too familiar assessment of cybercrime: Crimes continue to multiply and evolve, and some companies still fail to fulfill even the most basic security measures that could help them avoid being victimized.

The report states that about 285 million electronic records were breached during 2008, a figure that shockingly tops the total number of records breached in the previous four years combined. Financial services firms have become the primary victims of these attacks, and cybercrimes increasingly have focused on customers' personal identification numbers. Wade Baker, research and intelligence principal for Verizon Business, said PINs are the hot items on the cybercrime black market.

He added that cybercrime events that leverage stolen PINs often result from the most basic of security lapses--easy availability of and access to passwords and other gating information that has somehow fallen through the cracks and into a criminal's hands. Such lapses could be avoided with more attention by companies to managing password changes and de-activating old passwords. "Getting in the door [to commit a cybercrime] is usually just as easy as obtaining a lapsed user i.d. and password," Baker said. "If we could just get to a point where those kinds of simple attacks become too difficult, we could take a big chunk of cybercrime out of the game."
