More than one million laptops containing valuable company data have been lost or stolen in the past 12 months, a new study from Sony's VAIO Digital Business has found. In a poll of 600 UK businesses, it found that one in four had lost devices in the last year, with most blaming bring your own device (BYOD) practices, lax security and rebel workers as the cause. Despite the potential for huge data breaches, just 28 per cent of that number said they had anti-theft security programmes installed on their laptops.
More than six out of ten organisations hit by data breaches take longer than three months to notice what has happened, with a few not uncovering attacks for years, a comprehensive analysis of global incidents by security firm Trustwave has found. During 2012, this meant that the average time to discover a data breach for the 450 attacks looked at was 210 days, 35 more than for 2011, the company reported in its 2013 Global Security Report (publicly released on 20 February).
From the press release of Javelin Strategy & Research: “… nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging.” If 1 in 4 become fraud victims, isn’t that even more reason to prohibit entities from writing things like, “We believe the risk is very low…” or “We believe that the laptop was stolen for the hardware, not the data” or “We are sending you this letter in an abundance of caution?” Instead, I think entities should be required to include a statement such as:
Mind-boggling. While many schools improperly use FERPA to withhold information, at least one university is just handing information without ensuring that it has signed waivers or consent to do so. Clark Kauffman reports: The University of Iowa has been quietly sharing federally protected student information with Johnson County law enforcement officials who handle gun permit applications — an arrangement that one national organization calls a “license to snoop.”
An article published by specialist healthcare news website Actusoins has revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly regulated jurisdiction.
Healthcare breaches were among the most high-profile of data leakage incidents last year, but a new study in the US found that the damage is actually lessening year-over-year. The year 2012 saw a 21.5% increase in the number of large breaches vs. 2011, but an encouraging 77% decrease in the number of patient records affected.
The Equifax credit reporting agency, with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans’ personal information ever created, containing 190 million employment and salary records covering more than one-third of U.S. adults. Some of the information in the little-known database, created through an Equifax-owned company called The Work Number, is sold to debt collectors, financial service companies and other entities.
InfoWatch Research Center presents its first bi-annual report on Data Leaks in the Financial Services Sector: January – June 2012. This report provides an overall view of the general trends of data leakage in the financial services sector and some conclusions which provide a basis for predicting the evolution of data leakage in general based on these trends.
InfoWatch presents the latest issue of its study on information leaks recorded worldwide: statistics, expert comments, and the biggest data leaks.