US data breaches grow, cost victims billions of dollars

A new study out today shows data breaches in the U.S. continue at a record pace and they're costing victims billions of dollars in fraud.

Data breaches are bad for business, but the resulting fraud can be devastating to the people who have their personal information compromised.

The just-released report from Javelin Strategy and Research shows that a single massive data breach can result in "billions of dollars" in consumer fraud.

2012 was a good year for the bad guys who make a living stealing your personal information. A record number of breaches -1,611 - took place last year. That's a staggering 48 percent increase from 2011.

Javelin analyzed the impact of this growing problem to quantify the resulting fraud. And just look at the numbers.

In 2011, if you received a data breach notification, your odds of being a fraud victim were one in nine. Last year that jumped to one in nine.

"Criminals are relying now more often on data gleaned from these breaches to commit fraud," said Al Pascual, a senior analyst at Javelin who co-wrote the report.

It's impossible to prevent all data breaches, but Javelin concludes that the majority of them are "crimes of opportunity that rely on the failure of companies and institutions to do some amazingly simple and common-sense things.

So how do we stop this and keep cyber-crooks from getting our debit and credit card numbers, or worse yet, our Social Security number?

Javelin suggests a number of "best practice" security precautions companies should take, including:

Universal encryption (that meets industry standards)

Regular security audits to ensure that established security procedures are being followed

Data custodians are also advised to have mechanisms in place to detect a potential security compromise

Respond aggressively when malware is discovered

The security experts at Javelin believe companies should purge all data when then no longer need it to reduce the risk of harm if there is a breach.

They also urge financial institutions to stop the use of Social Security numbers to authenticate identities. The report suggests other types of identity authentication be used, such as one-time passwords or biometrics.


Herb Weisbaum is The ConsumerMan. Follow him on Facebook and Twitter or visit The ConsumerMan website.