How do data breaches happen?

Causes of data breaches range from lost laptops, Flash drives and data backup files to direct attacks on poorly secured networks. But passwords are often used by identity thieves in data breaches. In one case, at the time the largest identity theft case in history according to the Department of Justice, a help desk employee at a service provider was able to steal confidential subscriber codes and passwords of customers of the three major credit bureaus, Equifax, Experian and TransUnion. He then used those passwords to victimize more than 30,000 individuals by helping identity thieves get access to their full credit records and personal information file. Stolen client passwords were used to steal 163,000 identity information records from ChoicePoint in 2005, and 1,700 more again from TransUnion in 2007. In another case in 2007, an employee at fell for a phishing email. Identity thieves used his corporate password to steal information about their clients. They then tricked those clients with phishing attacks and password stealing malware, eventually ending up with their passwords. That led to data breaches at a number of banks and large non-profit organizations. Preventing data breaches and complying with government regulation are two important factors driving companies to implement personal security devices for stronger network security.