Rapid 7, analysis on data breach incidents

Pierluigi Paganini September 11, 2012

Security firm Rapid7 has published an interesting analysis of government data breaches reported from January 1, 2009 to May 31, 2012. The document presents a worrying scenario in which 268 incidents exposed more than 94 million records containing sensitive information. This type of incident is particularly dangerous because of the nature of the information exposed, which can be the starting point for further attacks. Marcus Carey, security researcher at Rapid7, declared:

“Our analysis puts a spotlight on the need for improved security operations and testing. It also analyzes specific threats that government entities are facing, because knowing these threats is key to being able to reduce risk.”

In the US all states have adopted laws requiring companies that suffer an incident to notify their customers, so that they can respond properly to the event. Recently, Senate Republicans introduced draft legislation known as the “Data Security and Breach Notification Act of 2012 (S.3333)” to propose a nationally recognized procedure for responding to data breaches. Government networks are privileged targets for several types of attackers: foreign state-sponsored hackers, hacktivists and cyber criminals. In every case the principal objective is cyber espionage; attacks aimed at exposing government information or stealing intellectual property in critical sectors such as defense are in fact increasing. The Rapid7 report was published a few days after Symantec published its document on the “Elderwood project”, which describes the ongoing impact of the cyber espionage operations and attacks that were part of the famous Operation Aurora.

2010 was the year with the highest number of publicly reported incidents, three times the number of incidents reported in the first half of 2012.

Although 2010 was the year with the highest number of incidents, the largest number of records exposed relates to 2009: in October 2009 the personally identifiable information (PII) of 76 million US veterans was exposed after a defective hard drive was sent to a government vendor for repair and recycling before the data on it had been erased.

The report divides data breaches into the following categories:

  1. Unintended disclosure – Sensitive information posted publicly on a website, mishandled, or sent to the wrong party via email, fax, or mail.
  2. Hacking or malware – Electronic entry by an outside party, malware, and spyware.
  3. Insider – Someone with legitimate access intentionally breaches information – such as an employee or contractor.
  4. Physical loss – Lost, discarded, or stolen non-electronic records, such as paper documents.
  5. Portable device – Lost, discarded, or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
  6. Stationary device – Lost, discarded, or stolen stationary electronic device such as a computer or server not designed for mobility.
  7. Unknown or other.

The following graph shows the share of the total number of incidents accounted for by Unintended Disclosure and Hacking; in both cases the trend is growing.

Looking at the details of the data presented by Rapid7, the number of incidents and the number of PII records reported exposed during the observation period are:

  1. Unintended disclosure – 78 incidents exposing 11,783,776 records
  2. Portable device – 51 incidents exposing 80,706,983 records
  3. Physical loss – 46 incidents exposing 296,710 records
  4. Hacking or malware – 40 incidents exposing 1,082,749 records
  5. Insider – 39 incidents exposing 177,399 records
  6. Stationary device – 6 incidents exposing 250,650 records
  7. Unknown or other – 8 incidents exposing 5,906 records

In my opinion the data demonstrate that this type of incident could be significantly reduced with a suitable awareness campaign: as seen, a great number of incidents is related to the conduct of users who, unintentionally, fail to apply adequate protection to their data. Excluding hacking attacks by foreign governments and cyber criminals that exploit 0-day vulnerabilities, defining best practices and adopting behavior compliant with current security standards makes it possible to avoid data breach incidents, or at least to reduce the amount of information exposed. That consideration is an imperative in government environments, to avoid dramatic incidents that could compromise homeland security.

Pierluigi Paganini