Industry View
Monitoring the Enemy Within: Reflections on a New Internal Data Theft Study
Who steals data, and what do they do with it? Cooper Bachman of ID Analytics scrutinizes research from a dozen data thefts resulting in 1,300 attempted instances of data misuse.
By Cooper Bachman, ID Analytics
For several of the incidents of internal data theft, the ultimate size of the breached file was unknown. For example, if an employee with access to identity data siphoned out information and the company was unable to track data access, the 'breached population' is unknown. For these cases the entire population in the relevant database was analyzed for misuse. Even so, identities exposed to one of these internal breaches were up to twenty-four times more likely to have their identity abused than the average consumer.
3. Wireless Phones are Becoming More Popular Targets
In previous research, fraudsters have demonstrated a preference for bank cards over retail cards or wireless phones when fraudulently applying for goods and services after a data breach. While activity related to bank cards did not completely dissipate, this study revealed a new trend of fraudsters using internal data to apply for wireless phones. After analyzing over 1,300 cases of data misuse stemming from the eight instances of harm, 69 percent of the total applications targeted the wireless industry. In two of the incidents, the research found over 95 percent of the fraudulent applications were for mobile phones.
In another study released by Javelin Strategy and Research in early 2008, researchers further highlighted the shift towards mobile technology and reported that fraudulent wireless account openings have increased from 19 percent to 32 percent of new account fraud since last year. A possible explanation for this is a combination of the growing popularity of higher tech handsets and the competitive nature of the wireless industry.
As demand for smart phones and mobile Internet access increases, wireless providers are offering discounts on hardware to attract customers into new annual contracts. Individuals who have acquired personal data from an organization are able to exploit mark-downs by applying for new accounts, receiving a free or discounted smart phone, and then reselling the hardware for a profit of several hundred dollars per handset. The disgruntled employee has no intention of ever paying the recurring monthly bill and the account eventually charges off.
Evidence suggests this trend may continue.
4. Misuse Related to Internal and External Breaches Exhibits Similar Behavior
Identities involved in internal data theft demonstrated strikingly similar behavior to traditional data breach victims in two main categories: application activity was strong in the online channel, and the duration of misuse for each identity was typically less than two weeks.
Employees or recipients of internally breached data mimicked the same application patterns as serial identity thieves. Five out of the eight incidents of internal data theft had over 80 percent of their application activity online. Although there were cases where phone and direct mail channels were used, the Internet continues to serve as a 'faceless' medium used by fraudsters to prevent detection.



