Symantec released their Global Internet Security Report for 2009 which explores in great detail the causes of data breach incidents. It finds that hacking attacks are responsible for the majority of personal identity records exposed in 2009.
“In 2009, 60 percent of identities exposed were compromised by hacking attacks, which are another form of targeted attack. The majority of these were the result of a successful hacking attack on a single credit card payment processor.13 The hackers gained access to the company’s payment processing network using an SQL-injection attack. The attackers then installed malicious code designed to gather sensitive information from the network, which allowed them to easily access the network at their convenience. The attacks resulted in the theft of approximately 130 million credit card numbers. An investigation was undertaken when the company began receiving reports of fraudulent activity on credit cards that the company itself had processed. The attackers were eventually tracked down and charged by federal authorities. This type of targeted hacking attack is further evidence of the significant role that malicious code can play in data breaches. Although data breaches occur due to a number of causes, the covert nature of malicious code is an efficient and enticing means for attackers to remotely acquire sensitive information.”
The report also highlights trends in terms of countries that originate the majority of cybercrime activity. Brazil and India show very rapid growth in malicious activity and are both now ranked in the top 10.