The list of major breaches gets longer every day: LinkedIn, eHarmony and Last.fm are just the most recent ones. Add to that list the Department of Defense, TJX, Sony, Heartland Payment Systems, Emory Healthcare, Global Payments … well, you see where this is going.
Damaging data breaches are the norm in 2012, not the exception.
According to the Identity Theft Resource Center, there were 189 known breaches from Jan. 1 of this year through the beginning of June. Those breaches have exposed approximately 13.7 million records.
Why LinkedIn Is Different (and Why It’s Not)
The nature of the data involved helps explain why the LinkedIn breach has gotten so much attention. “LinkedIn’s data is of much higher quality than other sites,” says Paul Kocher, president and chief scientist at Cryptography Research, Inc. (CRI). “There is just so much information about who people really are and what is important to them.”
With high-quality information, attackers can launch much more sophisticated and targeted attacks.
But in other respects, the attack isn’t out of the norm. “People are shocked by LinkedIn’s poor security practices, but this is widespread,” Kocher noted. “Plenty of organizations are far worse off than LinkedIn. It’s easy to start fixing security when you’re motivated by a breach, but until then, many organizations hope for the best.”