Home
  
 
About the Coalition   The Facts   Resources   Newsroom   Contact the Coalition
 
DATA SECURITY GLOSSARY  
   

Identity Theft – The term defines a broad range of criminal activity involving theft or attempted theft of another individual’s personal identifying or account level information for the purpose of committing fraud or other crimes.

Credit Fraud – A criminal act carried out for the purpose of obtaining a financial benefit from a financial services provider or other person with the intention to mislead that provider or person about the fulfillment of the conditions under which the financial benefit is provided.

Data Security Breach – Occurs when personal or financial information, maintained by a public or private sector organization, is disclosed in an unauthorized or unintentional manner. Data breaches vary in seriousness depending on a variety of factors including the type of breach (identity level or account level), whether the data are accessible to unauthorized users and the intent behind the breach.

Types of breaches:

  • Identity-level Breach – Involves the compromise of information that can be used to distinguish or trace an individual’s identity such as name, social security number and possibly other identifiable information such as address, date of birth or associated phone number.
  • Account-level Breach – Involves the compromise of a consumer name in connection with a credit card or other financial account number, and possibly additional information such as card expiration date and CDS number. Account-level breaches are generally considered less problematic from a consumer standpoint because while they can lead to fraudulent activity on an account they are not likely to result in the theft of an identity.

Intent of breach:

  • Accidental Loss – In such cases, there is no devious intent on anyone’s part. As a result of unfortunate circumstances, or possibly a lack in security control, sensitive data can be improperly handled, and simply lost. Experience and evidence suggest that this data has the least likelihood of being misused.
  • Incidental Theft – This is where sensitive consumer information is stolen as a byproduct of another crime, such as theft of a laptop. The intent here is not theft of the data, but rather of the stolen equipment itself.
  • Intentional Theft – This is where a criminal launches a targeted, pre-planned attack against an organization that stores sensitive information with the intent to misuse that information fraudulently.
  
      © 2007 | Coalition for Data Security
All Rights Reserved		   We Value Your Privacy