Data breaches. They’re big news—and it’s no wonder. A single corporate data breach could affect dozens, hundreds or even thousands of employees, clients and customers of the company. And rather than decreasing, data breaches seem to be on the rise, along with an increasing identity theft trend.
What are they, and how do they happen? You may be surprised to know that far from a “professional” operation, the typical data breach is achieved by one or several individuals who have actually worked for the company in the past. When it comes to data breaches, identity theft is no longer just an experienced hacker’s game, but instead has spread into the common sector where disgruntled ex-employees return to make an impression that could cost millions.
The Basics of a Corporate Data Breach
The phrase “data breach” refers to an individual or group breaking into, and having access to, a collection of information on one or more individuals or companies. In other words, when a thief hacks computer data or physically breaks into a filing cabinet and nabs information, a data breach has occurred.
In the eyes of an identity thief, illegally accessing data via a computer is much safer than breaking and entering. A camera can capture a thief sneaking into the office after hours, while a computer keeps the criminal one step removed from the process by cloaking him or her in partial anonymity.
Less chance of getting caught is part of why computer corporate data breaches are on the rise—but only a part. The larger issue is that, with a majority of company information now on computers and frequently networked, rather than simply stealing a few files, the thief could potentially have thousands of individuals’ information at his or her fingertips within seconds.
The Danger of a Little Knowledge
Nor does it take a computer expert to devise a data breach plan—and go through with it. According to experts in the area of computer corporate breach activity, “worms” and viruses can be had (for a price) and fairly easily installed to gain access to computer data.
Another common method is phishing, in which official-looking e-mails are sent. The e-mails include an attachment that will download malware (“malicious” + “software”) that will silently track computer activity. When the right information falls into the hands of the criminal—for example, a computer password—the breach is in the bag for the waiting criminal.
Even regular mail is a target. A recent data breach affected 32,000 after thieves broke into the mailboxes of businesses containing sensitive database information. This information was then used to set up fake credit cards.
Even with computer crimes, it still pays to secure your mailbox as well as your database systems.
Dangerous Programs Mean More Data Breaches
Amazingly, the majority of corporate data breaches are currently believed to have been committed, or at least initiated, by current or former employees of the victim company.
A study in March of 2009 showed that 59% of former employees admit to having stolen company data in one form or another. Though not all of these may have resulted in all-out corporate breaches, it’s hard to get an exact number since many such thefts never result in a conviction.
Meanwhile, corporations and even the government are clamping down on security in an attempt to stop data theft, which could result in revenue loss for both the company and its individuals, whose identifying information (including Social Security numbers) may now be exposed to and available for underhanded sale by the thief.
The hope is, of course, that firmer security measures will be put into place by companies that have something to lose…and that’s virtually every business in existence, identity theft experts point out. Further research could helpful, too. In reference to the above study, Mike Spinney of Ponemon Institute commented, “Many firms believe data breaches are the cost of doing business. (But) this study shows these are preventable events.”