Breached Card Details Threaten Privacy

Exposed Financial Data Sparks ID Theft Worries and Trends

By , February 20, 2012.
Breached Card Details Threaten Privacy

Data breaches tied to credit and debit cards accounted for more than 25 percent of all breaches in 2011, according to a new report - a disturbing trend that puts the onus on banking institutions and merchants to bolster payment card security.

See Also: More Threat Vectors, More Security & Compliance Challenges

While breach numbers overall have declined, with breaches in the financial-services sector accounting for less than 4 percent of all breaches tracked by the San Diego-based Identity Theft Resource Center in 2011, compromises linked to payments cards still need attention, says Karen Barney, head of market research for the ITRC.

"In 2010, in response to an increase in the number of highly publicized skimming attacks, the ITRC started identifying breach incidents involving credit and debit cards," Barney says. "In 2011, 26.5 percent of the total breaches tracked by the ITRC involved credit and debit cards," about the same number reported in 2010.

From 2010 to 2011, the financial sector saw losses linked to debit and credit compromises drop from 18.6 percent to 1.6 percent. But merchants and businesses saw jumps in debit and credit losses, from 4.3 percent in 2010 to 12.9 percent in 2011.

Among some of the notable payments-card breaches in 2011:

  • November's point-of-sale breach at California-based grocer Save Mart, which affected more than 20 Save Mart and Lucky Supermarkets, compromising an unknown number of accounts;
  • The Michaels POS breach, which in 2011 hit customer accounts in more than 20 states, again impacting an unknown number of accounts.

In both cases, the merchants were criticized for having lax fraud detection and/or consumer breach notification policies.

Other notable breaches, such as the possible compromise of payments cards linked to Sony, e-mail accounts connected to Epsilon and security tokens issued by RSA, have garnered attention from public and private sectors because of consumers' unknown exposure to identity theft.

But debit and credit breaches were not the biggest worries to emerge from the 2011 analysis. Breaches linked to cyberattacks also topped the list.

More than a quarter of last year's data breaches resulting from some kind of hack or cyberattack. [See the ITRC's breach analysis.]

Breach Trends

In 2011, 419 breaches were reported, even among states that don't mandate breach notification. Among those breaches, some 23 million records were exposed. Comparatively, 662 breaches were reported in 2010, a decrease the ITRC says is more likely linked to under-reporting than an actual drop in incidents of exposure.

Among the five tracked sectors - business, educational, government/military, medical/healthcare and banking/credit/financial - cyberhacks and compromises of data-on-the-move pose the greatest concern. "There are a number of breaches where we don't know what actually occurred," Barney says.

Hacks rank No. 1 for security vulnerability. But data-on-the-move, which could involve anything from a laptop left in a car to a lost mobile phone or tablet, comes in a close second.

Security Lessons for Banks, Merchants

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE RSA Conference 2015: An Overview

As RSA Conference 2015 opens, ISMG's editorial team discusses the event's emerging themes and how...

Latest Tweets and Mentions

ARTICLE RSA Conference 2015: An Overview

As RSA Conference 2015 opens, ISMG's editorial team discusses the event's emerging themes and how...

The ISMG Network