BOSTON--Rapid7, the leading provider of security risk intelligence solutions, today announced that an analysis of government breach data shows that the government sector reported 268 incidents of data breaches from January 1, 2009 to May 31, 2012, which exposed more than 94 million records containing personally identifiable information (PII). The analysis, “Rapid7 Report: Data Breaches in the Government Sector,” details the number of incidents reported, revealing a 50% increase in the number of compromises affecting the government sector from 2009 to 2010, as well as a skyrocketing rise in the number of records exposed each year, with the number tripling from 2010 to 2011. Unintended disclosure, the loss/theft of portable devices, physical loss, and hacking continue to be the leading causes of breaches.
“Government infrastructure has come under attack from cyberespionage, hacktivism and insider threats. Combine that with a staggering number of cases involving human error and it’s clear that the government sector is facing a persistent challenge when it comes to protecting our critical infrastructures, intellectual property, economic data, employee records and other sensitive information,” said Marcus Carey, security researcher at Rapid7. “Our analysis puts a spotlight on the need for improved security operations and testing. It also analyzes specific threats that government entities are facing, because knowing these threats is key to be able to reduce risk.”
Analyzing data collected and categorized by the Privacy Rights Clearinghouse Chronology of Data Breaches, Rapid7 discovered additional details regarding breach incidents and government records that were exposed, including:
- During the time frame analyzed, 2010 had the highest number of incidents (102), followed by 2011 (82) and 2009 (53). There were 31 cases reported between January 1, 2012 and May 31, 2012.
- The number of hacking incidents increased nearly 50% year-over-year between 2009 and 2011, with 2012 on pace to more than double the 2011 total.
- Unintended disclosure was reported as the leading cause of breach incidents in 2009, 2010 and 2011, totaling 69 cases.
- Between January 1, 2012 and May 31, 2012, government agencies reported more hacking incidents than any other type of incident.
- California (21), District of Columbia (20) and Texas (16) reported the greatest number of incidents across the country.
- Kentucky, Montana, Nevada, North Dakota and South Dakota reported no data breach incidents during the analyzed time frame. Alaska, Delaware, Idaho, New Hampshire, Rhode Island and West Virginia reported one incident each, which exposed fewer than 75,000 records combined.
- The number of PII records exposed from 2010 to 2011 increased by 168.69%.
- The number of PII records exposed from 2011 to May 31, 2012 increased by 138.3%.
- More than 80.7 million PII records were exposed as a result of the loss, theft or discarding of portable devices. Unintended disclosure (11.7 million+ PII records) and hacking (1.1 million+ PII records) caused the second and third largest amounts of record exposure.
- There were 14 incidents reported by agencies housing United States veteran PII data, including multiple incidents with the U.S. Department of Veterans Affairs.
For the full report, please visit http://www.rapid7.com/docs/Data-Breach-Report.pdf.
Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.