Estimating breach size by fraud volume
Much is being made of a press release from ID Analytics. Based on results from that firm’s fraud detection products, a conservative estimate is that one of every 1000 pieces of PII lost in a data breach results in an actual fraud. An additional finding is that the likelihood of a fraud being committed using a given piece of revealed PII is inversely proportional to the size of the breach.
These results are being spun as suggesting that large breaches are not so bad, and that the “real risk” of ID theft is low.
Well, I won’t comment on that, but the credence afforded the ID Analytics numbers cuts both ways. For example, if they are right, than the Sam’s Cub breach exposed the information of about 600,000 people.