Vulnerabilities / Threats // Insider Threats
5/1/2014
08:50 AM
Tim Wilson
Tim Wilson
Quick Hits
50%
50%

Report: Nearly 200 Million Records Compromised In Q1

More than 250 breaches were disclosed in Q1 2014, SafeNet report says.

More than 250 data breaches occurred in the first quarter of 2014, resulting in the compromise of nearly 200 million records, according to a report published this week.

According to SafeNet's "Breach Level Index," the pace of compromised data in Q1 amounted to approximately 93,000 records per hour, a 233 percent increase over the same quarter in 2013.

Interestingly, despite much discussion of retail security following breaches at Target and other retailers in Q4 2013, the retail industry accounted for just 1 percent of the records lost in Q1, and just 10 percent of the breaches. The financial industry was hit hardest during Q4, accounting for 58 percent of records lost. The technology industry accounted for 20 percent of lost records. The healthcare industry was hit hard in terms of breach events, accounting for 24 percent of all breaches, but only 9 percent of data records lost.

South Korea took the top spot of all countries with four of the top five breaches worldwide and a loss of 158 million records across a variety of industries. This represents 79 percent of the total number of reported breached records worldwide. These four breaches included the Korea Credit Bureau, Korean Medical Association, Korea Telecom, and Naver, a major Korean search portal. While the number of South Korean breached records was extremely high, the number of breach incidents in Asia/Pacific as a whole accounted for only 7 percent of the total number of global breaches, dwarfed by the 78 percent (199 incidents) that occurred in North America and 13 percent in Europe.

Malicious outsiders accounted for 156 (62 percent) of total incidents during the first quarter, compromising more than 86 million records stolen. Malicious insiders accounted for just 11 percent of total incidents, but they were much more effective, accounting for 52 percent of records stolen. Accidental loss represented 25 percent of total incidents, while hacktivist and state-sponsored attacks added up to just 2 percent of the total.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BobH088
50%
50%
BobH088,
User Rank: Apprentice
5/2/2014 | 10:53:44 AM
solution
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information.  I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/1/2014 | 5:06:08 PM
Re: Confusing description of the amount of records breached
Yes, you would think these numbers would spur some action..We'll see.
Duane T
100%
0%
Duane T,
User Rank: Apprentice
5/1/2014 | 12:13:44 PM
Confusing description of the amount of records breached
"the pace of compromised data in Q1 amounted to approximately 93,000 records per hour"

Does that mean the average was 93,000 records per hour, or that we're on pace to reach that level? I was left looking for additional follow up, as I usually see a continued "size of problem" explanation that might be even scarier "if this rate of increase continues, we'll reach 1B records" or some other scary figure.

Why does this matter? Sometimes such a summary puts the figure into a perspective that can spur action.  The previous commentor knows exactly where this goes, since 1B records would mean that every US cititzen would have their records stolen 3 times. That may or may not happen, however, this is a very possible outcome of the tread from this article. I don't know what it will take but these numbers should spur deeper and more serious thinking about security for retailers and other firms.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/1/2014 | 10:28:41 AM
Tip of the iceberg
What is amazing to me is this is just the numbers that were reported.  Many times when a breach occurs the organization covers up the incident rather than reporting it.  Other times, a breach occurs and no one notices.

To put this number into perspective, lets imagine that each of the 200 million records was a unique record for someone living in the USA.  That would mean that 63% of all Americans had a compromised record in the first quarter of this year.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.