author photo
By Bruce Sussman
Thu | Jun 27, 2019 | 10:46 AM PDT

How long does it take to detect a network breach?

In the case of dental and vision insurer Dominion National, the answer is nearly nine years! That's 63 dog years, if you are keeping count.

The company has started notifying customers and posted details of how it finally discovered its data breach:

"On April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers. The unauthorized access may have occurred as early as August 25, 2010."

In other words, more than 3,000 days from cyber incident to breach discovery.

Types of data potentially exposed

Dominion National is still investigating how many customers may have had their information exposed. However, it revealed a laundry list of the types of information that may have been breached:

  • customer names
  • addresses
  • email addresses
  • dates of birth
  • Social Security numbers 
  • For members who enrolled online through Dominion National’s website: bank account and routing numbers
  • For doctors and medical providers: names, dates of birth, and Social Security numbers and/or taxpayer identification numbers

Average time for breach discovery

Since the Dominion National breach went nearly nine years from breach to discovery, we thought this would be a good time to look at the latest trends in this area.

So what is the average time from incident to breach discovery?

The latest study by the Ponemon Institute on behalf of IBM found that the average time required to identify a data breach is currently 197 days.

The study also found that the average amount of time required to contain a data breach once it is identified is 69 days. 

Dominion National data breach: next steps

While we wait to hear specific numbers, we already know that Dominion National is taking steps to make sure another nine-year "incident to breach detection" doesn't happen there again:

"After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software."

Enhanced monitoring sounds like a good move. Let's just hope there is someone to sort through the increased number of alerts.

So what do you think: Are there unknown data breaches lurking in networks across North America even years after they occur? Or is this case a true anomaly?