Are Hackers Getting a Bum Rap?
March 20, 2007 — -- Have you been a victim of identity theft? Has someone hacked your credit card number? Don't necessarily blame the hackers.
Corporations and institutions that have lost private information are usually responsible for the loss themselves, according to new research.
In most cases, it's an inside job. Mismanagement of sensitive files, lax security, lost equipment and employee theft are responsible for 60 percent of 589 reported incidents of compromised data between 1980 and 2006.
"Hackers aren't the only culprits," said Phil Howard, assistant professor of communications at the University of Washington.
Howard and Kris Erickson, a doctoral candidate at the university, combed through thousands of news reports over the last 26 years to produce a scathing indictment of companies and universities across the country.
The picture is quite different for corporations and educational institutions. Hackers have zeroed in on colleges and universities, tapping into personal records of students and their families. And they aren't interested in learning about grades.
Universities have much of the same type of information on hand as do financial corporations, like Social Security numbers, date of birth, income, and all the other bits of info that can be useful to someone wanting to steal someone else's identity.
Hackers are responsible for more than 47 percent of incidents involving stolen records from colleges and universities, compared with 31 percent of all incidents, according to the new study. That suggests hackers have found schools easier picking than companies.
The research shows that at least 1.9 billion records have been exposed over the last 26 years, frequently through incompetence. More than 6 million records are exposed every month. And the rate of theft is climbing, so by the end of this year, the total number should top 2 billion when somebody in the United States has some personal bit of information compromised.
Hackers will be partly to blame, but the researchers say the primary blame belongs to schools and corporate America and sloppy controls over data that should remain very, very private.