Government Internet Security Threat Report: Trends for January–June 07

Symantec Enterprise Security

View the full study >

This study, which analyzed trends in internet security during the first half of 2007, reveals that the majority of data breaches that could lead to identity theft occurred in the education and government sectors.

During this period, 30 percent of all known data breaches that could lead to identity theft occurred in the education sector, while 26 percent of data breaches that could lead to identity theft occurred in the government sector.

Data Breaches and Identity Fraud: Misunderstanding Could Fail Consumers and Burden Businesses

Javelin Strategy & Research (August 2006)

View the full study >

“The large number of data breaches and the publicity they have received has created the misperception that fraud resulting from data breaches is prevalent.” This report reveals, however, that only six percent of all known identity fraud is generated from data breaches and warns that “misunderstanding data breaches and their effect on identity fraud may lead to incorrect guidance to consumers, mistakes regarding protective measures companies employ, and overly burdensome legislation. Armed with facts, industry leaders must ensure that the data breach ‘cure’ is not worse than the affliction.”

Personal Information: Data Breaches are Frequent, but Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Still Unknown

United States Government Accountability Office: Report to Congressional Requesters (GAO-07-737 - June 2007)

View the full study>

With evidence from media reports, federal and state agencies, and private institutions, this report concludes that while breaches of sensitive personal information occur fairly frequently under a wide variety of circumstances, there is limited evidence that these result in identity theft.

Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses

United States Government Accountability Office: Report to Congressional Requesters (GAO-07-837 - July 2007)

View the full study>

In this study, the Government Accountability Office examines weaknesses in information security polices and practices used by the government and concludes that they “threaten confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of most federal agencies.” The report reviews that various departments and their weaknesses and outlines recommendations to deal with the issue.

National Data Breach Analysis

ID Analytics (January 2006)

View the full study >

In an effort to determine how fraudsters were actually using breached data, ID Analytics studied the level of suspicious misuse of identity information across the approximately 500,000 identities in four major breaches that occurred in the year prior to the study. The highest rate of fraudulent misuse for consumer victims of these identity-level breaches was less than 1/10th of one percent (0.09%).

Higher Education IT Security Report Card

CDW Government, Inc. (October 2007)

View the full study >

This survey of higher education IT directors and managers found that less than half of campuses are secure from attacks. The survey found that, for the second year in a row, 58 percent have experienced one security incident in the last year, and 43 percent reported a data loss or threat.

Bentley-Watchfire® Survey of Online Privacy Practices in High Education: Final Reports

Culnan, Mary J., Thomas J. Carlin, and Traci A. Logan, Watchfire and Bentley College (April 1, 2007)

View the full study>

Universities are at great risk for security breaches. Data collected by the Office of Privacy Protection in California found that since 2003, universities and colleges in the state were at a higher risk for security breaches than any other group, including financial institutions. By surveying the top 236 doctoral universities and national liberal arts colleges, this study finds that nearly 100 percent of these schools engage in online practices that pose a potential risk to privacy breach.

Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement

Center for Identity Management and Information Protection, Utica College (October 2007)

View the full study >

Funded by a grant from the Bureau of Justice Assistance, this study analyzed 517 U.S. Secret Service cases with an identity theft/fraud component closed between 2000 – 2006. It addresses a gap identified by the President’s Identity Theft Task Force involving the absence of data on the primary personal and demographic characteristics of the perpetrators of identity theft. The report provides “empirical data concerning the key factors relevant to the criminal behavior of identity thieves and the conditions under which that behavior occurs,” including case characteristics; the age, race, gender and criminal backgrounds of offenders; the modus operandi of the offenders; and, the composition of the individuals and industry groups victimized by the thefts.