Q. After reading your Scam Alert on data breaches, I got to wondering: What kinds of organizations do hackers attack most frequently?
A. It’s surprising, but educational institutions—especially large universities—top the list, accounting for 20 percent of all documented data breaches in 2009, according to the new Internet Security Threat Report by Symantec, maker of Norton computer security products.
Universities are prime targets because they store a wide range of personal information about students and staff, and the data is often accessible from multiple computer systems and campuses. That means hackers potentially have many points of access.
Health care institutions are the next most targeted (15 percent of breaches), again with good reason: A typical patient medical record contains all the personal information needed to steal an identity. Government databases are the third most common target, representing 13 percent of breaches last year.
But it turns out that the institutions most frequently targeted are not necessarily the places where hackers score their biggest successes.
Financial institutions accounted for just 10 percent of all breaches last year, but were the source of 60 percent of all identities exposed. Much of that was due to a single attack that netted 130 million account numbers from credit card processor Heartland Payment Systems. Another 35 percent of identities exposed were stolen from government agencies, including more than 70 million Social Security numbers taken from the National Archives and Records Administration.
Sid Kirchheimer writes about consumer and health issues.