If you read in the papers about a data breach, you typically only read about the number of records breached. What actually went wrong, how the attackers got in and how such an attack could have been prevented - you never read that in the press. By sharing intelligence from our forensic investigations, we give an inside view of these data breaches including analysis that we believe will be helpful to the planning and security efforts of our readers, so these can be based on actual incident data rather than newspaper stories. This presentation will combine information from the latest Verizon Data Breach Investigation Report - containing data from both Verizon and United States Secret Service cases - to provide an inside look into the world of investigating data breaches, using real world data and case examples. I'll also highlight how we think incident data sharing can be setup amongst organisations to result in more widely available information on security incidents.