Key findings from the study include:
-- In the analysis of the eight internal data breaches where harm was found, organized misuse ranged from 3 percent (data leak caused by mishandling data) to 36 percent (targeted employee data theft) of the identities stolen.
-- The identities associated with these internal incidents were up to 24 times more likely be misused than the average U.S. consumer identity.
-- Misuse of the stolen identities occurred in remarkably close proximity to the site of the internal data theft. Fraudulent activity relating to each incident of internal data theft took place within 20 miles of the source, indicating that the stolen identities had not been sold or distributed on a national level.
-- Fraudulent activity reflected a significant increase in attempts to acquire wireless phones. Of the 1,300 cases of attempted fraud, 69 percent targeted the wireless industry.
-- Identities involved in internal data theft were misused in similar patterns to those taken via external attacks in terms of period of use and using the Internet to commit fraud. Most of the stolen identities in the study were used very briefly -- over a period of two weeks. The internal theft activities also focused mainly on online channels. In five of the eight internal data breach cases, 80% of the fraudulent application activity was online.
"In today's data rich environment, organizations continue to struggle
with the human element at the heart of data security," said Mike Cook,
co-founder and chief operating officer, ID Analytics, Inc. "Companies
should be on the alert for what may be the biggest security threat to their
customers-employees with access to sensitive customer data. Given the
balance between the need to grant employees access to information to
complete their job functions and the need to protect sensitive customer
data, we encourage companies to implement
|SOURCE ID Analytics, Inc.|
Copyright©2008 PR Newswire.
All rights reserved