‘Stunning’ growth in records exposed in data breaches

goddijn inga

The scale of data breaches affecting consumers and companies has been revealed in new research that shows six billion records were compromised in the first half of 2017.

There were 2,227 publicly disclosed ‘data compromise events’ to the end of June, which is broadly similar to 2015 and 2016, but the total number of exposed records has already broken last year’s record figure.

Inga Goddijn, executive vice president for Risk Based Security, which revealed the figures in its mid-year Data Breach QuickView report, said: “It is stunning to see the steady increase in the number of breaches impacting one million or more records.

“In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents.”

The first quarter of 2017 saw the single largest breach disclosed, only for it to be beaten by a second record breach during Q2. Another trend that has accelerated in 2017 is the targeting of tax data.

In addition to scamming HR professionals, organizations that aggregate such data were also targeted. A number of accounting firms and payroll service providers were breached along with third-party service providers.

In one case, vulnerable code in a service platform was exploited, resulting in the compromise of approximately 5.5 million job seekers’ names, addresses, dates of birth and social security numbers.

Hacking accounted for 41% of disclosed breaches, with Goddijn warning: “There are a lot of moving parts to an effective patch management program, but no matter how strong that process might be, it can be undermined when known vulnerabilities are missed simply because the organization was not aware to look for them.

“The breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity”.

The USA dominates the list of the number of data breaches by country and was second when it came to the volume of records exposed, but several European countries are also named.

The warning comes as finance companies throughout Europe race to be complaint with the new EU General Data Protection Regulation (GDPR).

The GDPR, which comes into force in May 2018, strengthens data protection regulations for all individuals within the EU and aims to give control of personal data back to consumers.

The new rules identify personal data as any information relating to an individual, whether it relates to private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.

Difficult elements include the ability of consumers to challenge automated individual decision-making, including profiling and algorithm-based assessments.

Risk Based Security provides detailed information and analysis on data breaches, vendor risk ratings and vulnerability intelligence.

Data breaches by country

USA 1,367
UK 104
Canada 59
India 52
Australia 34
China 22
Ukraine 19
Russia 19
Indonesia 18
Iran 14

Source: Risk Based Security

Data breaches by exposed records (million)

China 3,822
USA 3,746
India 179
Philippines 55
Hong Kong 12
South Africa 6
United Kingdom 2.4
Canada 2.1
Finland 1.1
Japan 0.7

 Source: Risk Based Security