Gemalto released the latest findings of the Breach Level Index,
a global database of public data breaches, revealing 945 data breaches
led to 4.5 billion data records being compromised worldwide in the first
half of 2018. Compared to the same period in 2017, the number of lost,
stolen or compromised records increased by a staggering 133 percent,
though the total number of breaches slightly decreased over the same
period, signaling an increase in the severity of each incident.
A
total of six social media breaches, including the Cambridge
Analytica-Facebook incident, accounted for over 56 percent of total
records compromised. Of the 945 data breaches, 189 (20 percent of all
breaches) had an unknown or unaccounted number of compromised data
records.
The
Breach Level Index is a global database that tracks data breaches and
measures their severity based on multiple dimensions, including the
number of records compromised, the type of data, the source of the
breach, how the data was used, and whether or not the data was
encrypted. By assigning a severity score to each breach, the Breach
Level Index provides a comparative list of breaches, distinguishing data
breaches that are not serious versus those that are truly impactful.
According
to the Breach Level Index, almost 15 billion data records have been
exposed since 2013, when the index began benchmarking publicly disclosed
data breaches. During the first six months of 2018, more than 25
million records were compromised or exposed every day, or 291 records
every second, including medical, credit card and/or financial data or
personally identifiable information. This is particularly concerning,
since only one percent of the stolen, lost or compromised data records
were protected by encryption to render the information useless, a
percent-and-a-half drop compared to the first six months of 2017.
"Obviously,
this year social media has been the top industry and threat vector for
the compromise of personal data, a trend we can expect to continue with
more and more sectors leveraging these platforms to reach key audiences,
especially political teams gearing up for major elections," said Jason Hart, vice president and chief technology officer for data protection at Gemalto. "We
also expect to see more data breaches reported by European Union
countries bound by the new General Data Protection Regulation and in
Australia with the new Notifiable Data Breaches law. We should be
careful not to misconstrue this as an increase in overall incidents in
these areas but rather as a more accurate reflection of what is actually
going on."
Primary Sources of Data Breaches
Malicious
outsiders caused the largest percentage of data breaches (56 percent), a
slight decrease of almost seven percent over the second half of 2017
and accounted for over 80 percent of all stolen, compromised or lost
records. Accidental loss accounted for over 879 million (9 percent) of
the records lost this half, the second most popular cause of data
breaches representing over one third of incidents. The number of records
and incidents involved in malicious insider attacks fell by 50 percent
this half compared to the same time period in 2017.
Leading Types of Data Breaches
Identity
theft continues to be the leading type of data breach, as it has been
since Gemalto first started tracking in 2013. While the number of
identity theft breaches increased by 13 percent over the second half of
2017 to just over 64 percent, the number of records stolen through these
incidents increased by 539 percent, representing over 87 percent of all
records stolen.
Financial
access incidents show a disturbing trend in the escalation of severity.
Though overall incident numbers are on the decline H1 2017 vs. H1 2018
(171 for H1 2017 and 123 for H1 2018), the number of records breached
increased H1 2017 vs. H1 2018 (2.7 million and 359million) respectively.
Industries Most Affected by Data Breaches
Most
sectors saw an increase in the number of incidents compared to the
previous half - the exceptions were government, professional services,
retail and technology, though both government and retail saw an increase
in the number of records breached through fewer events.
Healthcare
continues to lead in number of incidents (27 percent). The largest such
incident, 211 LA County, exposed 3.5 million records through accidental
loss.
Social
media ranks top for number of records breached (56 percent) due to the
high-profile customer data compromises at Facebook and Twitter,
involving 2.2 billion and 336 million respectively.
Geographic Distribution of Data Breaches
North
America still makes up the majority of all breaches and the number of
compromised records, 59 and 72 percent respectively. The United States
is still by far and away the most popular target for attacks,
representing more than 57 percent of global breaches and accounting for
72 percent of all records stolen, though overall incidents are down 17
percent over the prior half.
With
the implementation of the Notifiable Data Breaches law, the number of
incidents in Australia increased dramatically from 18 to 308 as could be
expected.
Europe
saw 36 percent fewer incidents but a 28 percent increase in the number
of records breached indicating growing severity of attacks. The United
Kingdom remains the most breached country in the region. With the
General Data Protection Regulation in full effect for the second half of
2018, the number of reported incidents could begin to rise.