Year of the Hack: Review of 2009 Data Breaches

Heartland Heads List of 62 Breaches Affecting Financial Institutions

There were 62 data breaches involving financial institutions in 2009 - three of them occurring in the last month of the year.

These breaches represent only a portion of the 498 incidents listed in the 2009 Data Breach Report compiled by the Identity Theft Resource Center (ITRC), based in San Diego, CA. But the largest of them, the Heartland Payment Systems breach, involved an estimated 130 million credit and debit card numbers, accounting for more than half of the 222 million records potentially taken in 2009.

Insiders caused the largest number of data breaches within the financial services industry, says Jay Foley, executive director of the ITRC, and this threat will continue to be a problem for financial institutions in 2010. "The numbers come out almost every year, and they have said for the past eight or nine years that 70% of all hacking happens internal to the company," Foley says. "You need to know who is going where and what they are doing and why they are doing it. You need to set up established parameters for who gets to go into the data."

The breakdown of the 62 breaches by type:

  • Insider Threat - 16;
  • Missing Paper Documents - 15;
  • Skimming - 8;
  • Stolen or Missing Hardware - 8;
  • Outside Network Intrusions - 5;
  • Unknown Cause - 4;
  • Exposure of Data on Web - 4;
  • Accidental Breach - 2.

May was the month with the most breaches (10), followed by August with 9 and March with 8.

June was the month with the fewest recorded breaches - just one.

For details on each of the 2009 data breaches, please review the interactive timeline.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the financial services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
