We at BlackRidge Technology are probably just like you: astounded by the seemingly endless barrage of cybersecurity data breaches being reported. This is not just your imagination. In fact, according to the ID Theft Resource Center (ITRC), 2013’s tracked breaches are up 30% over 2012.
And this fact is even more amazing when you consider that the numbers of breached records reported by the ITRC do not include breaches where only user names, emails and passwords are the “compromised data”. Reported numbers instead include only incidents which contain “Personal Identifying Information (PII)” which involve such things as credit card and social security numbers. While the breach itself is included in the overall report, the numbers of records compromised are not, so the actual numbers of compromised records is likely much greater.
Realistically, even if this data was attempted to be included, it still would not accurately reflect the actual total since “On average, 42% of the reported breaches over the past seven years have not included the number of records in either the breach notification letters to various state attorneys general or the public notice via media. Combine this with the fact that 32% of the breaches are reported with no known attributes, and it remains very difficult to determine what kind of information was compromised, let alone how many records.”(ITRC)
But even without this content understanding, the reported number of incidents, and the associated number of records compromised in those breaches, remains enormous. This list represents some of the more outstanding incidents for 2013:
- New York Times and Wall Street Journal Reporters hacked by China for international sources, many now no longer accessible.
- Florida Department of Juvenile Justice – 100,000 employees and youth offender records
- Twitter – 2,500,000 user records
- Apple – 275,000 developer user records
- Schnucks – 2,400,000 credit card numbers
- Evernote – 50,000,000 account records
- Living Social – 50,000,000 user accounts
- Kirkwood Community College – 125,000 student social security numbers
- Washington Court System – 160,000 Social Security and Driver License numbers
- Homeland Security – tens of thousands of employee records
- Facebook – 6,000,000 user records
- NSA – spying on “everyone in America” as Snowden has revealed
- IRS – 100,000 social security numbers
- University of Michigan – 33,000 ticket office user records
- Missouri Credit Union – 39,000 member records
- U.S. Department of Energy – 104,179 employee records
- Northrup Grumman – 70,000 employee records
- Windhaven Investment Management – 44,000 account records
- Virginia Tech – 144,963 applicant records
- Republic Services – 82,160 employee records
- Adobe – 2,900,000 user records
- AHMC Healthcare – 729,000 medical records
- International SOS Assistance, Inc. – 164,000 insured traveler records
- Maricopa County Community College – 2,500,000 student, employee and supplier records
- CorporateCarOnline – 850,000 limo user (many high profile persons) records
- Target – between 70,000,000 – 110,000,000 customer records
- JP Morgan, Chase & Co. – 465,000 corporate and government holders of prepaid cash card records
In total, 2013’s reported exposed records as of Jan 1, 2014 was 57.9 million records with a 28.1% increase year over year of exposed social security numbers and a 41.2% similar increase in the number involving credit or debit card numbers. This is occurring across all organization segments irrespective as to whether it is public or private, and/or government or commercially focused. Clearly something needs to happen to turn this tide!
BlackRidge holds a key to do just that. With our patented “First Packet Authentication” technology underlying our “Identity Aware Networking” solution, we know we can effectively intercept and divert the majority of these external, as well as internal, data breaches. Our technology need not be limited to one platform or hardware basis. In fact, it need not be limited to the data center or even to computer mainframes, desktops and other normally associated computing devices. It can also be adopted by network attached “things” such as Smartgrid devices, home appliances, and car navigation systems. We actually can imagine a “world of environments” that can benefit from this simple, yet far reaching protection from which networked environments can benefit.
With increasing threat to, and actual violation of what otherwise is thought to be “secure” environments, wouldn’t a better understanding of what we can offer be worthwhile? Security is not just a “nice to have”. It is a critical element customers and users demand and expect. Are you doing all that you can?