The leaking vault 2011 – six years of data breaches
8th September 2011
The Digital Forensics Association has announced the release of their second annual data breach report.
‘The Leaking Vault 2011- Six Years of Data Breaches’ analyzes 3,765 data loss incidents, with a known disclosure of 806.2 million records.
Organisations seem to be constantly in the news on a daily basis for disclosing data inappropriately. Hundreds of millions of people’s personal private information has been lost, stolen or otherwise shared with unauthorised parties. The problem of data breaches is one that potentially impacts the economic health of the victim organisations, upstream or downstream partners, and the data subjects who face direct financial consequences.
Key findings include:
The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organisations that track these events, as well as government sources. Data breaches from 33 countries were included.
The study covers incidents from 2005 through 2010, and includes over 806.2 million known records disclosed. On average, these organisations lost over 388,000 people’s records per day/15,000 records per hour every single day for the past six years.
The estimated cost for these breaches comes to more than £97 billion to the organisations experiencing these incidents. This figure does not include the costs that the organisations downstream or upstream may incur, nor that of the data subject victims. Furthermore, it is a low estimate of the cost, due to the fact that 35% of the incidents did not name a figure for records lost.
Incidents relating to laptops remain the leader, but documents (printed material) is fast growing and demonstrates the need to manage both electronic data assets as well as printed documents. This trend has been continuing upward for several years and is a potential contender for the incident leader if it continues. Hacking remains the records loss leader, responsible for 48% of the records disclosed in the study.
Outsiders continue to pose the largest risk in terms of both incidents and records disclosed. When the threat is an insider, the incident is significantly more likely to be accidental in nature. While accidental incidents are more prevalent, they also cause the most harm of the insider incidents in terms of records disclosed.
In 65% of the cases, the data disclosed included the data subject’s name, address and Social Security Number. In contrast, only 15% of the incidents disclosed credit card numbers, and 16% disclosed medical information. Medical disclosures saw a significant increase with the addition of the 2010 data. This is more likely due to the reporting requirement of existing regulations going into effect than any actual increase of incidents. The incidents where criminal use of the data was confirmed increased by 58% from the prior report.
A complete copy of “The Leaking Vault 2011- Six Years of Data Breaches” is available at: