2013 Data Breach Fraud Impact Report: Mitigating a Rapidly Emerging Driver of Fraud

Contemporary research on the financial impact of data breach events has focused on costs to businesses and institutions, but largely ignored their effect on the consumers whose personally identifiable information (PII) is compromised. This report elucidates the real connection between data breach and consumer fraud and demonstrates that a single massive data breach can result in billions of dollars in consumer fraud losses. Data breach victimization has been increasingly correlated with fraud incidence over the past three years, with a walloping 23% of data breach victims in 2012 becoming fraud victims.1 Fraudsters are improving at mining large data sets at the same time as businesses and institutions of all types are facing an onslaught of data breaches. The Open Security Foundation reports an all-time high of 1,611 breaches in 2012, a 48% increase over 2011, and Verizon asserts that fully 75% of these attacks are motivated by financial gain.2,3

While not all data breaches can be prevented, the majority are crimes of opportunity that rely on the failure of aggravatingly simple protections. Organizations can promote consumer confidence and loyalty by instituting better protections against the event of a data breach and by mitigating criminals’ ability to use stolen data to defraud consumers. The impulse by businesses and institutions to preserve their reputations often dictates their remedial actions in the wake of a data breach. Many institutions have taken vital steps to educate and protect consumers. Others, however, have attempted to mitigate consumer perceptions of the gravity of a data breach by downplaying the probability that information will be misused, by extension understating the urgency of taking key actions to help consumers protect themselves from the consequences of the compromise. This report outlines best practices for preventing breach events and protecting consumers in their aftermath.

Primary Questions:

• What is the correlation between data breaches and consumer identity fraud?
• Which types of information are being targeted and misused by criminals?
• How have recent data breaches been disclosed?
• Which security procedures and protocols could have been utilized so as to avoid recent breaches?
• How can consumers be empowered in the fight against breach related identity fraud?
• What are the projected costs associated with the misuse of breached consumer data?

• Consumer fraud metrics in this report are based on data from Javelin’s 2012 Identity Fraud Survey. The 2012 Identity Fraud Survey was conducted among 5,249 U.S. adults over age 18 on KnowledgePanel.