NewsDude

Data breaches remain a significant problem for any company that manages information about personal identity. In recent weeks, widely publicized data breaches have hit Lending Tree, Hannaford Bros. Co., and the Bank of Ireland. Past data breaches at ChoicePoint, TJX Cos., and the U.S. Department of Veterans Affairs have resulted in large, class-action lawsuits with claims for or settlements in the millions of dollars in some cases.
At the April RSA Conference in San Francisco, a number of speakers addressed the technical and legal aspects of the data breach problem. The conference, sponsored by data security company RSA Security, Inc., was attended by more than 17,000 people and featured 200-plus sessions on information security issues, including data security technology, strategies and compliance challenges, and legal and governmental issues. This latter issue was the focal point for a number of speakers who addressed the data breach challenge.
Hacking, Theft, and Fraud
Many of the data breaches reported in the media have been the result of outside forces against a data company. This has taken the form of criminals hacking into database files, stealing portable devices (laptops or hard drives) containing data, or using fraudulent means to gain access to data. According to the "2007 E-Crime Watch Survey" -- conducted by Microsoft, Carnegie Mellon University's CERT Program, and the U.S. Secret Service and originally published in CSO Magazine 49 percent of survey participants reported that some form of electronic crime had been attempted against them. In nearly 40 percent of those cases, the crime involved attempted access to customer or credit card records.
Researchers from the CERT Program presented a longer, more detailed analysis of this data at the RSA Conference. They noted that insiders (people within the organization) were responsible for more than one-third of the e-crimes, according to the 2007 survey. The crimes ranged...

More...