A survey of public data breaches has found a large increase in the number of records that have been stolen, lost or compromised in the first six months of 2017.
The firm Gemalto said that the number of records caught up in breaches jumped 164% from the second half of 2016 and the first half 2017 to almost 2 billion lost records. That is more than the total number of records lost in all of 2016. Gemalto said its latest data from the company’s Breach Level Index, a global database of public data breaches, indicates 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. Most of the leaked records came from just 22 large data breaches, each involving more than one million compromised records, the company said.
How many records? Nobody knows.
Even more worrying: of the 918 data breaches, the exact number of compromised data records was “unknown” or “unaccounted for” in more than 500 (or 59% of all breaches), Gemalto said. That suggests the actual total of breached records could be much higher than stated. Attacks by malicious outsiders made up close to three quarters of all data breaches (74%), a big jump over last year. Insider attacks only made up 8% of all breaches, but the amount of records compromised in insider attacks jumped substantially from half a million to more than 20 million records compared with the previous six months.
In March, Gemalto reported that 1.4 billion records were exposed in breaches in all of 2016, according to the Breach Level Index. That marker has been surpassed in just the first half of this year. The company said more than 9 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. Looked at another way: 1.9 billion records over six months translates into 10 million records compromised or exposed every day, or one hundred and twenty-two records every second, including medical, credit card and/or financial data or personally identifiable information.
The leaks are having an economic impact on companies. A report by the firm CGI and Oxford Economics suggests the impact of breaches on the price of a company’s stock may be bigger than many expected. According to the study, which relied on data from the Breach Level Index, one out of the 65 companies evaluated the breach cost shareholders over $52.40 billion.
Increases across industries
Gemalto found that data breaches increased across most industries. “Most of the industries the Breach Level Index tracks had more than a 100% increase in the number of compromised, stolen or lost records,” the company said. The number of breaches affecting educational institutions jumped 103% while the number of records lost or stolen jumped by 4,000%, Gemalto said. Much of that jump is the result of a malicious insider attack compromising millions of records from one of China’s largest comprehensive private educational companies, however.
The U.K’s National Health Service, which was the victim of the WannaCry malware, was one of the top five breaches in the first half with over 26 million compromised records. Financial services, government and entertainment were also industries that experienced a significant jump in the number of breached records, with entertainment breach incidents increasing 220% in the first six months of 2017.
There was some cause for cheer. Account takeover attacks dropped by 46% from 2016. There was also a jump in what Gemalto termed “nuisance” data breaches, which represented 81% of all lost, stolen or compromised records – though just 1% of data breach incidents.