According to the Identity Theft Resource Center (ITRC), 1,244 data breaches were reported in 2018 that compromised over 446 million records containing consumers’ personally identifiable information (PII). The key word in the last sentence is “reported.” Assuming every hacked business reports a breach, like they are supposed to do, we can look at 1,244 breaches as the number of times a hacker got caught…. and believe me, hackers don’t like to get caught.
This means the 1,244 reported breaches are just the tip of the iceberg. Thousands of additional businesses are breached every day, but just don’t know it. Many times, the company is small and doesn’t have a full-time network security administrator, or the number of payment cards they expose daily isn’t significant enough to be flagged by bank networks and breach researchers.
While each small, unreported breach might only have a few hundred cards, taken together the number of total cards breached can be quite staggering.
The dark economy
I invited Stephen W. Orfei, former general manager of the PCI Security Standards Council, to speak at a recent Bluefin Summit. His presentation shined a light on the dark economy, how it mirrors the real economy and how it is proliferating. He cited a direct quote from Dr. Michael McGuire’s alarming study, into the Web of Profit: Understanding the Growth of the Cybercrime Economy: