Generated by GPT-5-mini
| Verizon Data Breach Investigations Report | |
|---|---|
| Name | Verizon Data Breach Investigations Report |
| Caption | Annual cybersecurity incident analysis |
| Country | United States |
| Publisher | Verizon Communications |
| First published | 2008 |
| Frequency | Annual |
The Verizon Data Breach Investigations Report is an annual incident analysis and a widely cited cybersecurity study produced by Verizon Communications. It is used by practitioners at Microsoft, Google, Amazon and IBM and by policymakers at the United States Department of Homeland Security, the European Commission, the National Institute of Standards and Technology and the Australian Cyber Security Centre. It synthesizes breach and incident data from contributors including US-CERT, Interpol, the Financial Services Information Sharing and Analysis Center, Verizon Business, the SANS Institute and major commercial partners to inform stakeholders such as Bank of America, JPMorgan Chase, Walmart, Mastercard and Visa Inc.
The report aggregates incident data and breach investigations compiled by Verizon Communications analysts and partners including Mandiant, Symantec, Palo Alto Networks, FireEye and CrowdStrike to characterize patterns affecting entities such as Sony Corporation, Equifax, Target Corporation, Marriott International and British Airways. It frames its findings against frameworks such as MITRE ATT&CK, PCI DSS, ISO/IEC 27001, the NIST Cybersecurity Framework and COBIT to guide organizations including Deutsche Bank, Goldman Sachs, HSBC Holdings, Cisco Systems and Siemens.
Data sources include incident reports, forensic investigations and partner telemetry from contributors such as US-CERT, Interpol, Europol, CERT-EU, the SANS Institute, the Open Web Application Security Project and private-sector responders such as Mandiant, CrowdStrike, Kaspersky Lab, Trend Micro and Symantec. The report employs classification methods referencing MITRE ATT&CK, STIX, TAXII, CVE, the National Vulnerability Database (NVD), and vendor telemetry from Microsoft Azure, Amazon Web Services, Google Cloud Platform, Oracle Corporation and VMware. Its analysis techniques draw on statistical methods used by institutions including Harvard University, the Massachusetts Institute of Technology, Stanford University, the University of Cambridge and the University of Oxford.
Findings highlight actor motives tied to financially motivated groups such as FIN7, state-affiliated actors linked to Advanced Persistent Threat 28, and opportunistic actors seen in incidents impacting Yahoo!, LinkedIn, Dropbox, Adobe Systems and Equifax. Trends describe attack vectors such as phishing campaigns resembling patterns observed in incidents at Sony Pictures Entertainment and Uber Technologies, credential compromise as in the Marriott International disclosures, misuse of misconfigured cloud storage as in cases involving Accenture, and exploitation of known vulnerabilities catalogued by CVE and mitigated through Microsoft Patch Tuesday releases. The reports compare sectoral impact across healthcare, finance, retail, education and government agencies such as the Department of Defense and the Department of Education, using examples from Anthem, Capital One, Target Corporation and the City of Atlanta.
Industry analysis segments incidents affecting financial services firms such as JPMorgan Chase and Citigroup, healthcare organizations exemplified by Anthem and Premera Blue Cross, retail breaches at Target Corporation and Home Depot, and technology sector incidents impacting Facebook, Google, Apple Inc. and Microsoft. The threat landscape discussion references actor groups such as Lazarus Group, APT29, APT28, Cobalt Group and Carbanak, and the tools and techniques documented in cases involving ransomware families such as WannaCry, NotPetya, Ryuk and Maze. Cross-sector comparisons draw on lessons from SWIFT network compromises, supply chain incidents such as the SolarWinds compromise, and large-scale data leaks including Panama Papers-style exposures.
The report often annotates high-profile breaches, including those at Equifax, Yahoo!, Target Corporation, Marriott International and Sony Pictures Entertainment, with timelines and mitigation lessons referencing investigations by the Federal Bureau of Investigation, the UK Information Commissioner's Office, the Irish Data Protection Commission and the Australian Information Commissioner. It highlights supply chain incidents similar to SolarWinds, cloud misconfiguration events comparable to the losses at Accenture and Capital One, and ransomware incidents paralleling the WannaCry and NotPetya responses coordinated with the FBI, Europol and Interpol.
Recommendations align with controls found in the NIST Cybersecurity Framework, ISO/IEC 27001 and the PCI DSS standards and with guidance from CISA and ENISA, advising practices adopted by Microsoft, Amazon, Google, IBM and Cisco Systems. Prescriptive measures emphasize multifactor authentication as used by Bank of America and Mastercard, patch management policies following the Microsoft Patch Tuesday cadence, network segmentation as in Department of Defense guidance, and incident response rehearsals reflecting exercises by NATO and Five Eyes partners. The report encourages information sharing through organizations such as Information Sharing and Analysis Centers, the APWG and FIRST to reduce time-to-detection in incidents similar to those affecting Equifax and Marriott International.
First published in 2008 by Verizon Communications, with analytic roots in investigations performed by Verizon Business, the report grew through partnerships with US-CERT, DHS, the SANS Institute, Mandiant and private-sector contributors such as CrowdStrike and Symantec. Its framework evolved alongside standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework and adapted to emergent threats demonstrated by WannaCry, NotPetya, the SolarWinds supply chain compromise and the disclosures of the Edward Snowden-era reporting. Over time it influenced policy discussions involving the European Commission, the UK Home Office and the Australian Signals Directorate, and regulatory action by bodies such as the UK Information Commissioner's Office and the Federal Trade Commission.