Target data breach atypical
NEW YORK — Breaches of retailer payment systems are less common than other kinds of online attacks, a new study finds.
Target’s massive data breach last year caused consumers to panic and drew attention to Internet crime.
But more than twice as many of last year’s Internet data breaches resulted from small online acts, such people clicking on malicious web links and choosing easy-to-guess passwords, says a worldwide report from Verizon.
The report, considered to be one of the top annual looks at Internet-related crime, includes information from 50 organizations ranging from law enforcement to security companies. The report was to be released Wednesday.
Target’s breach, one of the largest in history, resulted in the theft of 40 million creditand debit-card numbers, along with the personal information of up to 70 million people. Other companies, including fellow retailers Neiman Marcus and Michaels Stores, later announced breaches to their systems.
But while such large-scale attacks grab headlines, payment-system breaches are down in recent years. In 2013, just 198 were recorded, representing 14 per cent of the year’s 1,367 confirmed data breaches.
There were 490 breaches through attacks on web applications — 35 per cent of the total — and 306 cases of online espionage, or 22 per cent.
Verizon says its numbers are not comparable with those from previous reports because its research methods and the number of contributors to the report have changed.
Researchers saw a big increase in attacks on smaller retailers a few years ago, said Wade Baker, Verizon’s managing principal of research and intelligence. But now, he says, it appears that criminals are going after major retailers that handle millions of debit- and credit-card numbers and leaving the smaller companies alone, even though they are easier to attack.
“It’s very industrialized and very sophisticated,” he says. “You can buy software packages that are customized. It’s never been easier to turn data into money.”