SAN FRANCISCO & NEW YORK--(EON: Enhanced Online News)--Of the 16 million victims notified in 2012 that their payment card information was compromised in a data breach, more than 25 percent of them also suffered identity theft, according to the new study: Data at Rest is Data at Risk: Confronting a Singular Threat to Three Major U.S. Industries.
Conducted by Javelin Strategy & Research (@JavelinStrategy) and commissioned by Identity Finder (@IdentityFinder), the newly released report reveals that a disturbingly high rate of customers who received data breach notifications in 2012 were also victims of identity fraud. Javelin’s study also reveals that payment card and Social Security number data breach victims suffer the highest rates of related fraud. The study examines three high-risk industries (retail, financial and healthcare) and provides best-practice advice for sensitive data management.
According to the study, retailers will remain prime targets for payment card breaches and fraud as long as payment cards remain a commonly accepted and popular payment method. Financial institutions will continue to be top targets because of the large amounts of client data they store, including account information and payment card data. The healthcare industry’s move to digitize protected health information (PHI) through electronic health records holds the potential to reduce costs for healthcare organizations. However, digitization also renders PHI vulnerable to data breaches and could increase costs for healthcare organizations if not properly managed.
Among those consumers who were notified of breaches in 2012, Javelin found the following:
- 4.4 million Americans were both notified that their payment card information was compromised in a data breach and suffered fraud on their existing credit or debit cards.
- 1.26 million Americans were both notified that their Social Security numbers (SSN) were compromised in a data breach and became victims of identity fraud.
- 270 thousand Americans were both notified that their online banking credentials were compromised in a data breach and suffered fraud on their financial accounts, including checking and savings accounts.
- 324 thousand Americans were both notified that their bank account numbers were compromised in a data breach and became victims of fraud incurred against their checking, savings or other financial accounts.
“By breaching the data stores of businesses in the financial, healthcare and retail industries, criminals can obtain the fuel they need to execute various fraud schemes, and these crimes have crippling consequences,” said Al Pascual, Senior Analyst of Security, Risk and Fraud at Javelin Strategy & Research. “Identifying and protecting the sensitive information typically stored by these industries is essential for mitigating the risk of a data breach and, therefore, the risk of financial loss to data custodians, consumers and third-party businesses.”
To protect data-at-rest from compromise and subsequent misuse, Javelin recommends ongoing risk assessments for the financial industry, healthcare organizations (including their business associates) and retailers. For these assessments to be successful, businesses should do the following:
- Locate and identify sensitive data. Sensitive data is any data that has value to the organization or can expose them to risk if compromised. Sensitive data should include consumer bank account information, payment card data, SSNs and other types of personally identifiable information (PII), as well as trade secrets.
- Classify sensitive data accordingly. Categorize the information using a naming convention appropriate to the organization. This step can ease efforts to control the access, routing and storage of different types of data.
- Secure data based on risk profile. Deploy security measures commensurate to the risks associated with the loss of respective categories of data.
- Develop policies to mitigate future data management issues. Implement and enforce policies designed to prevent unprotected data from being stored outside of approved locations.
For complete findings and survey methodology, please visit: http://www.identityfinder.com/us/Files/JavelinDataRiskPart1.pdf.
About Javelin Strategy & Research
Javelin Strategy & Research, a division of Greenwich Associates, provides strategic insights into customer transactions, increasing sustainable profits for financial institutions, government, payments companies, merchants and other technology providers. Javelin’s independent insights result from a uniquely rigorous three-dimensional research process that assesses customers, providers, and the transactions ecosystem.
About Identity Finder
Identity Finder, LLC, based in New York, NY, is the leader in sensitive data management. Its security and privacy technologies provide businesses and consumers the ability to prevent data leakage and identity theft.