Seven Year Itch: Too Many Places to "Scratch"
Well, it took seven years to catch them, but according to reports: Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that over seven years penetrated computer networks of more than a dozen major American and international corporations, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.
These thieves accessed data on many servers located in multiple places within their targets' environments. This kind of loss shouldn't be a surprise to anyone at this point. What's making it a "shock" is just the sheer volume and length of time this went on. Otherwise, the reality is these types of breaches happen everyday.
Here's why: The 2013 Verizon Data Breach Report indicates that organizations have too many copies of data in their environments. Many of these copies are in lesser controlled and monitored areas which are used for training, software development, and testing. Eliminating real data from these environments would enable organizations to concentrate on the remaining locations where real data exists, making better use of their security investment.
Additionally, the training and software development and testing environments can be masked (or de-identified) so that they contain fictitious but realistic looking data which will suffice for their purposes.