Criminals targeted Christmas Eve and shipping cutoff days for delivery by Christmas for fraudulent purchasing, a new study finds.
After a dismal Q4, retailers globally reported fewer stolen records in the first quarter. Q1 incidents also were down year over year.
The amount of data stolen as the result of data breaches during the first quarter of 2014 increased 233% from Q1 2013, according to the SafeNet Breach Level Index, a database that tracks publicly reported data breach incidents globally. The good news for retailers—in Q1 at least—is that they were subject to fewer attacks than in Q1 a year ago and retailers suffered fewer data breaches than any other industry tracked by the database.
Retailers in Q1 accounted for less than 1% of data stolen, with criminals gaining access to 1.78 million records. This, however, follows the fourth quarter of 2013, when retailers took the unenviable top spot for lost data. In Q4 retailers were responsible for more than half—50.85%—of reported data breaches, resulting in a loss of more than 116 million records, according to SafeNet. Target Corp. in December reported a massive security breach that resulted in the theft of payment card data for at least 40 million customers. Numerous other retailers have also reported system breaches in recent months, including Sally Beauty Supply LLC, The Neiman Marcus Group Inc. and Michaels Stores Inc. retail chains. Target is No. 18 in Internet Retailer’s Top 500 Guide. Sally Beauty is No. 448, Neiman Marcus is No. 41.
Retailers in the first quarter of 2013 accounted for about 4% of stolen data, with criminals then gaining access to 2.45 million records.
In Q1 2014, the areas accounting for the most data breaches, in descending order, were the financial industry (55.6%), technology firms (20.2%), healthcare (8.9%), government agencies (8.0%), other (6.4%) and retail (0.9%). SafeNet says malicious outsiders—unauthorized entities from outside a company—accounted for 62% of data breach incidents in the quarter. Accidental loss accounted for 25% of incidents, malicious insiders accounted for 11%, and state-sponsored attacks and hacktivists—computer criminals supposedly hacking to champion a cause—accounted for 2% of incidents.