weerapat1003 - stock.adobe.com
2019 set to be another record year for data breaches
The number of data breach incidents continues to rise and looks set to reach another record this year, with the business sector first in the firing line, according to a mid-year breach report
The number of reported data breaches has gone up by 54% and the number of exposed records is up 52% in the first half of the year compared with the same period in 2018, with the business sector most affected, a report reveals.
A total of 3,813 breaches were reported in the first six months of 2019, exposing over 4.1 billion records, according to the 2019 Mid-year quick view data breach report by threat intelligence firm Risk Based Security.
Eight large breaches exposed more than 100 million records each, totalling more than 3.2 billion records and accounting for 78.6% of the total records exposed in the first half of the year.
“It is hard to be optimistic on the outlook for the year,” said Inga Goddijn, executive vice-president of Risk Based Security.
“The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.”
The business sector accounted for 67% of reported breaches and 84.6% of records exposed, followed by the medical sector (14%), government (12%) and education (7%).
Web remains the number one breach type for number of records exposed, accounting for 79% of compromised records, the report said, while unauthorised access remains the number one breach type for number of incidents, accounting for 82% of reported breaches.
Phishing is a tried and tested first step for gaining access to systems and services, the report said, with phishing for credentials often providing attackers with access to users’ email accounts.
While the data held in email may not be as easily monetised as other datasets, the report said it leads to the exposure of unusual or unexpected types of data, including electronic signatures, calendars, marriage certificates, and company issued employee ID numbers.
“Quarter after quarter the pattern has repeated itself,” said Goddijn, with the vast majority of incidents attributable to malicious actors outside an organisation.
“Unauthorised access of systems or services, skimmers and exposure of sensitive data on the internet have been the top three breach types since January of 2018.
“However, insider actions, both malicious and accidental, have driven the number of records exposed,” she said.
Despite the bleak outlook, Goddijn said there have been some “bright spots” with more organisations choosing to report data breaches than in the past.
“The most recent example of this came up recently, when Monzo Bank opted to report customers’ account PINs being inadvertently stored in internal logs that were accessible to their engineering teams.
“Once the issue was identified, the bank had it corrected and disclosed within five days. A breach is rarely good news, but a fast response coupled with open communication speaks well of the organisation. We hope to see more organisations following Monzo’s lead as the year unfolds,” she said.
Read more about data breaches
- Credit union cooperative Desjardins reveals that a data breach in June cost the company $53m in the second quarter, but that could be just the start, warn industry commentators.
- Most ICO data breach reports late and incomplete prior to full GDPR implementation, FoI request data reveals, raising doubts about breach prevention, detection and response capabilities.
- Data breaches in Australia show no sign of abating.
- Data breaches affected more than a billion people in 2018.