Interhack Framework used for California Attorney General's Data Breach Report

California Attorney General released 2012 Data Breach Report using Interhack founder C. Matthew Curtin and visiting scientist Lee Ayres' taxonomy of data loss incidents.

Columbus, OH- On Monday July 1, the Attorney General from California released the 2012 Data Breach Report using Interhack founder C. Matthew Curtin and visiting scientist Lee Ayres' methodology of taxonomizing data loss.

taxonomy-fig.jpgThe Breach Report is used to gain an understanding of the types of incidents take place, what vulnerabilities are exposed, and what can be done in the future to halt or diminish the probability of future breaches. The Privacy Enforcement and Protection Unit, who put the report together, used Interhack's framework from Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry to categorize the types fo failures that comprimised Califonians' personal information in the year 2012.

By using Interhack's method, the Attorney General's report clearly and repeatably classifies failures by proximate cause.  The study concluded that Logical failures, specifically from outsiders, were the most common failures and addressed it in the first two reccomendations to combat data breaches.

The Interhack Breach Taxonomy classification method was developed in 2007 by Lee Ayres and C. Matthew Curtin. It has been cited in the literature, including articles released by The University of Washington, Nova Southeastern University, and Emerald Group.

“We're delighted to see the taxonomy put to good use,” said Mr. Curtin. “Our objective has been to make a research tool that can be used for open and reliable analysis of data breach reports that will support both accuracy and precision. We believe that the approach produces more consistent results than work done with private datasets using classification methods that cannot be openly replicated.”


About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Additional information about Interhack is available at