A Utah Department of Motor Vehicle employee shows a sample of a digital driver's license on a mobile phone. (Photo by George Frey/Getty Images)A recently released study that analyzed the top 100 breaches from July 2021 to July 2022 showed that hackers went after personally identifiable information 42.7% of the time.Out of all of the types of data available for cybercriminals to steal — credit card info, passwords, source code, etc. — the authors of the Imperva study said that PII is the most valuable since criminals can compile more PII from the dark web to then engage in harder to prevent fraud or full-on identity theft.For the analysis, Imperva looked at publicly available sources from the web, breach reports, hackers’ forums, analysis of stolen database dumps and information from Imperva’s own honeypots.
What they found was that 27.1% of data breaches were caused by hackers. But Imperva researchers said what struck them most was that the two reasons that tied for second when it comes to root causes — unsecured databases and social engineering at 14.6% — are fairly straightforward to mitigate: “A publicly open service increases the risk of a breach to happen, but in most cases, this is not a failure of security practices; it is rather a complete absence of a security posture,” they wrote.Ransomware followed as the fourth most common cause of a breach at 10.4%, and third parties caused 7.2% of breaches.Finance, professional services, healthcare and public administration were the top four industries that recorded the most breaches during the analysis.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
Dark web carding market BidenCash has exposed 910,380 stolen credit card details on the XSS cybercrime forum in a bid to tout their "anti-public system" mechanism that ensures the absence of already-circulated cards from the marketplace, Hackread reports.
SecurityWeek reports that the Oregon Department of Environmental Quality had more than 2.5 TB of data claimed to have been compromised by the Rhysida ransomware operation in an attack last week following the agency's assertion that none of its data had been impacted by the incident.
