1.9 Billion Data Records Exposed in First Half of 2017

More than 10 million data records are pilfered or lost every day around the world, a rate of more than 7,000 per minute: and that's only the numbers from breaches that go public.

Some 1.9 billion data records were exposed in breaches in the first half of this year, a dramatic increase of 164% from the second half of 2016, according to the Breach Level Index for the first half of 2017, compiled by Gemalto.

"It blows me away at this moment that every single day, more than 10 million pieces of data are exposed," says Jason Hart, vice president and CTO for data protection at Gemalto.

If you (rightfully) think those numbers are dire, just wait until after the General Data Protection Regulation (GDPR) kicks in next year and European organizations are required to report breaches of information that previously may have been kept under wraps.

"With GDPR kicking in next year in Europe, you'll have noticeable data breach" reporting increases, Hart notes. "This is just a drop in the ocean compared to what we're going to see."

Gemalto's midyear report crunches data from all publicly disclosed data breaches around the globe. There were a total of 918 data breaches reported, and more than 500 of those involved an unknown number of compromised accounts, so the full number of exposed records for the first half is actually not available. The company has counted more than 9 billion exposed data records from breaches since 2013 when it first began its Breach Level Index.

The report does not include the most recent big data breach revelation from Equifax.

Personally identifiable information, payment card data, financial data, and medical information were among the types of information exposed in the breaches. Nearly three-fourths of the breaches involved exposure of data that could be used for identity theft, and 74% came from outside attackers, an increase of 23% from last year. Just under 20% were the result of internal inadvertent data loss or exposure.

Encryption remains a missing link for protecting data: less than 1% of the exposed data in the first half of 2017 was encrypted. That's actually a decline of 4% in encryption from the last half of 2016. Overall, 42 of the publicly revealed breaches in the first half of 2017 involved data that was either fully or partially encrypted, which kept the data secured and useless to attackers.

"The annoying thing from my point of view is people just think by applying privacy controls, they are going to solve the problem" of breaches, Hart says. "It's not. That's a false sense of security. Security should be closest to the actual data" you're trying to protect, he says.

The education sector experienced a 103% increase in breaches and a 4,000% jump in the number of resulting exposed data records. That was mostly due to a major insider breach at a Chinese private educational firm earlier this year.

Healthcare suffered the highest number of breaches (228) worldwide, accounting for one-fourth of all such incidents.

Geographically, North America ranked at the top for the number of breaches and exposed data records, with more than 86% of the share in both cases. Breaches there were up 23% and the number of records, up 201%, according to the Breach Level Index.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Related Content: