The Price of Fraud

NEW YORK (MainStreet)—A singular data security breach could result in more than 120,000 cases of fraud — with each incident costing more than $3,000, according to new analysis by Javelin Strategy and Research.

In the spring of 2012, Utah's Department of Health had its test server with government health care participants' data breached by Eastern European hackers. The attack led 280,000 Social Security numbers to be compromised and 500,000 other participants to have slightly less sensitive personal information stolen.

The analysis said this one breach will lead to an estimated 122,000 fraud cases, with each incident resulting in $3,327.87 of loss. It also is estimated to cost each Utahan whose information is illegally used $770.49 and 20 hours to resolve their case.

"Data breaches are becoming more of a contributor of fraud ever year," said Al Pascual, a security, risk and fraud analyst at Javelin. "In 2010, there was a one in nine chance that if a consumer received a data breach notification that they would also be a victim of fraud — that correlation jumped to one in four as of 2012."

Pascual said theft of personal data is now a digital endeavor — with hackers now being better at identifying targets and mining data.

"Criminals no longer root through the trash or steal mail to collect personally identifiable information," Pascual said. "Fraudsters know where to go to get it."

The Utah case, however, also provides important data storage lessons, according to Javelin. First, all data must be managed "from cradle to grave," meaning that from the time a server is brought online to when it is decommissioned, all steps must be followed in securing the server and its data. Lastly, all data should be encrypted. While this costs money, the research points out Utah officials will spend between $2 million to $10 million to clean up the 2012 breach.