Rapid7, the leading provider of security risk intelligence solutions, today announced that an analysis of government breach data shows that the government sector reported 268 incidents of data breaches from January 1, 2009 to May 31, 2012, which exposed more than 94 million records containing personally identifiable information (PII). The analysis, "Rapid7 Report: Data Breaches in the Government Sector" details the number of incidents reported, revealing a 50% increase in the number of compromises affecting the government sector from 2009 to 2010, as well as a skyrocketing rise in the number of records exposed each year, with the number tripling from 2010 to 2011. Unintended disclosure, the loss/theft of portable devices, physical loss, and hacking continue to be the leading causes of breaches.
"Government infrastructure has come under attack from cyberespionage, hacktivism and insider threats. Combine that with a staggering number of cases involving human error and it's clear that the government sector is facing a persistent challenge when it comes to protecting our critical infrastructures, intellectual property, economic data, employee records and other sensitive information," said Marcus Carey, security researcher at Rapid7. "Our analysis puts a spotlight on the need for improved security operations and testing. It also analyzes specifc threats that government entities are facing, because knowing these threats is key to be able to reduce risk."
Analyzing data collected and categorized by the Privacy Rights Clearinghouse Chronology of Data Breaches, which includes information from the Open Security Foundation's DataLossDB, Rapid7 discovered additional details regarding breach incidents and government records that were exposed, including:
Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.