About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Mentioned in Dispatches | Main | Laptop losers »

There are breaches and breaches

By davebirch posted Oct 7 2006 at 2:57 PM

[Simon Williams] Following on from the piece about Dispatches, I have some more data to add to the discussion. We (ID Analytics) have carried out a detailed analysis of security breaches in the US by comparing 500,000 consumer identities that were revealed in breaches and comparing them with the more than 500 million risk events stored in our network.

Technorati Tags: ,

We found that less than 1 in 1000 of the breached identities were found in subsequent risk events (a fraudlent credit card application, for example). The distribution was very skewed though.  Customer identities uncovered by large scale (and presumed to be untargeted) breaches were rarely used in the risk event, but customer identities uncovered by small scale (and presumed to be targetted) breaches were much more likely to be found in risk events. You can see why, becuase if your name and details are on a stolen laptop somewhere, you’re probably safe.  But if a thief steals your post, they may well use it. The person who steals your identity might not be a thief or a call centre worker. Data stolen by friends and family is generally called “familiar” or “family fraud”. It seems like it would be considered data breach, but historically it has not been and so does not show up in statistics. But a colleague of mine pointed out that social networking sites like MySpace and FaceBook might actually create additional “familiar fraud” because social networks extend and publicise your family and friends network, which is an interesting point to reflect on. Anyway, the main point I wanted to share from our researches are: data breaches are bad, but they are all very different.  The risk to a specific consumer depends on 1) what was taken, 2) how it was taken, and 3) how much data was taken.


The comments to this entry are closed.