17% of Personal Data Breaches 'Non-Malicious' But Exploited, Says U. of Texas Report
About 17 percent of incidents in which personally identifiable information (PII) is compromised occur without any malicious intent from those responsible, meaning it's likely human error, said a report released Thursday by the Center for Identity at the University of Texas at Austin. "Vulnerabilities caused by human error are frequently exploited by opportunistic hackers and fraudsters," said the 2017 Identity Theft Assessment and Prediction Report, which analyzed a database of about 5,000 incidents that occurred between 2000 and 2016. In another finding, the report said only 0.36 percent of incidents "spanned the whole U.S.," as did the 2013 Target data breach (see 1312200034), meaning most of the cases are "confined to a local geographic region or victim profile." The report said California had the highest number of incidents in which PII was compromised (476) followed by Florida (309), New York (303) and Texas (244). The report also said the impact of emotional distress to victims "is consistently higher than" financial and property losses and one-third of incidents were perpetrated "solely" by insiders such as company employees and family members.