Break Down of the 2018 Breach Level Index (BLI) Stats:
• 25,155,650 records compromised every day
• 1,048,152 records compromised every hour
• 17,469 records compromised every minute
• 291 records compromised every second
Data breaches had a field day in 2017. According to the BLI, a system used by Gemalto to track compromised records, 2017 was one of the only years where more than two billion records were compromised in publicly disclosed data breaches. The only other year to do so was 2013 due to the exposure of all three billion Yahoo users’ accounts, an event which Verizon Communications disclosed four years later.
But now another year has exceeded the threshold of two billion breached files. Gemalto has analyzed the BLI’s observations during the first half of 2018. Its findings are truly staggering. In just six months, the system tracked more than 4.5 billion breached data files. This figure represents a 133 percent increase over H1 2017, and it’s more than double the amount reported for the entire 2017 calendar year.
Two breaches in particular drove this growth. In the first incident, malicious actors abused Facebook’s search and account recovery processes to scrape public profile information from most of the platform’s 2 billion+ users. The second breach involved the sale of an anonymous service that allowed anyone with 500 rupees to access all 1.2 billion Indian citizens’ personal data. Absent these two security incidents, the number of compromised records would actually have been around 30 percent less than the total for H1 2017.
Even so, the Breach Level Index didn’t detect as many incidents in H1 2018 as it did a year earlier. The system observed just 945 security events during the reporting period. That’s 18.7 percent fewer than the 1,162 breaches disclosed in H1 2017.
The Main Trends From the 2018 Report:
• Identity theft yet again the top data breach type: Identity theft was responsible for nearly four billion records compromised in the first half of the year, which represents growth of more than a thousand percent compared to the previous year. During the same time frame, the number of incidents involving identity theft decreased by a quarter.
• Malicious outsiders and accidental loss the most prevalent sources of data breach: The number of events involving malicious outsiders decreased by nearly 40 percent in 2018, but the incidents that did occur compromised more than 3.5 billion records—over a thousand percent more than the previous year. By contrast, the sum of records exposed in incidents of accidental loss dropped by 47 percent to under a billion.
• Social media weathered the greatest number of compromised records: Facebook wasn’t the only social giant that suffered a data breach in the first half of 2018. Twitter also experienced a security incident where a software glitch potentially exposed the login credentials of its 330 million users. In total, data breaches compromised 2.5 billion records stored by social media giants.
• Incidents in healthcare and financial services declined: The number of compromised files and data breaches decreased for both healthcare and financial services. These declines at least in part reflected the introduction of new national regulations that help regulate health data and financial transactions.
• North America led the way in publicly disclosed data breaches: This region represented more than 70 percent of data records compromised in H1 2018. In total, there were 559 events in the region, a number which was 45.3 percent less than H1 2017.
New Data Privacy Regulations Take Effect:
In the wake of new data protection regulations, reporting of security incidents is on the rise. Following the passage of the Australian Privacy Amendment (Notifiable Data Breaches) Act, the Office of the Australian Information Commissioner (OAIC) received 305 data breach notifications by the end of the second quarter of 2018. This number is nearly triple the amount of the number submitted to the OAIC for the entire 2016-2017 fiscal year. Such growth in data breach reporting will likely continue through the rest of 2018 and beyond under GDPR and New York’s Cybersecurity Requirements for Financial Services Companies.
*** This is a Security Bloggers Network syndicated blog from Enterprise Security – Gemalto blog authored by Gemalto. Read the original post at: https://blog.gemalto.com/security/2018/10/09/breached-records-more-than-doubled-in-h1-2018-reveals-breach-level-index/