Hundreds of stolen files contain more than 47,000 individual SSNs buried 1.1 million times within hidden worksheets
NEW YORK, Dec. 5, 2014 /PRNewswire/ — Identity Finder LLC, a leading provider of sensitive data management solutions, today announced the findings from a data discovery analysis of the recent Sony data breach, uncovering more exposed Social Security numbers than previously reported. Identity Finder located more than 47,000 exposed SSNs, some belonging to celebrities. The SSNs appeared more than 1.1 million times inside 601 publicly-posted files stolen by hackers. Most files containing SSNs were accompanied by other personally identifiable information, such as full names, dates of birth and home addresses, which creates a clear path for criminals intent on committing identity fraud.
Logo – http://photos.prnewswire.com/prnh/20141205/162616LOGO
Utilizing the enterprise solution, Sensitive Data Manager, Identity Finder discovered:
- 601 files containing SSNs
- 75 Acrobat PDFs
- 523 Excel spreadsheets
- 3 Word documents
- 47,426 unique SSNs
- 15,232 SSNs belonged to current or former Sony employees
- 3,253 SSNs appeared more than 100 times.
- 18 files contained between 10,860 and 22,533 SSNs each.
- 1,123,798 copies of compromised SSNs
"The most concerning finding in our analysis is the sheer number of duplicate copies of Social Security numbers that existed inside the files. In this instance, some SSNs appeared in more than 400 different locations, giving hackers more opportunities to wreak havoc," said Todd Feinman, President and CEO, Identity Finder. "As we have seen from the myriad data breaches this year, every organization is vulnerable to an attack. Security technologies are an important shield, but minimizing the target and reducing the footprint of sensitive data is more critical than ever."
Unlike other forms of sensitive data, such as debit and credit card numbers, Social Security numbers cannot be easily replaced or reissued once compromised. Organizations that experience such a breach are exposing employees and customers to potential identity fraud, which can take many years for victims to remediate. This particular breach serves as yet another example of the importance of proactively discovering and classifying or remediating unprotected sensitive data to prevent theft by cyber criminals.
Today's findings continue Identity Finder's commitment to furthering research that promotes the mission-critical nature of sensitive data management. In 2014 alone, Identity Finder utilized Sensitive Data Manager to uncover more than 630,000 Social Security numbers exposed on IRS Form 990 tax returns and commissioned a Javelin Research survey that examined post-breach customer attrition in three critical industries.
About Identity Finder, LLC
Identity Finder, headquartered in New York City, is the leader in sensitive data management. Its security and privacy technologies help enterprises protect their reputation, prevent data leakage, comply with regulations, and make informed decisions on security spend. They have helped thousands of businesses and millions of individuals prevent data loss and identity theft
Media Contact
David Sprague or Tiffany Darmetko
MSL Group Boston
781 684-0770
Email