Lessons Learned from Analyzing 100 Data Breaches
Updated: May 9
As part of the Imperva Threat Research Team’s ongoing efforts to monitor and report on the current database threat landscape, we studied and analyzed over 100 of the largest and most well-known data breaches to date.
To get the most value from the analysis of these breaches, Imperva’s Threat Research Team extracted each initial breach, the target of each breach, the system that was compromised by the breach, and what records were stolen.
Before we start with the lessons learned, it is important to understand that because of their sensitive nature, database security breaches often go unreported. Also, in many cases, there is not enough data available to provide a comprehensive report.
The data we present here has been compiled from all the available information sources; the web, breach reports, hackers’ forums, analysis of stolen database dumps, and information gathered from deploying our own honeypots. We present the specific types of data that were stolen, the root causes of the breaches, and aim to provide some insight into how this data has changed over the last year.