Attacks/Breaches
9/20/2017
10:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

1.9 Billion Data Records Exposed in First Half of 2017

Every second, 122 records are exposed in breaches around the globe, a new report shows. And that's doesn't even include the new Equifax breach data.

More than 10 million data records are pilfered or lost every day around the world, a rate of more than 7,000 per minute: and that's only the numbers from breaches that go public.

Some 1.9 billion data records were exposed in breaches in the first half of this year, a dramatic increase of 164% from the second half of 2016, according to the Breach Level Index for the first half of 2017, compiled by Gemalto.

"It blows me away at this moment that every single day, more than 10 million pieces of data are exposed," says Jason Hart, vice president and CTO for data protection at Gemalto.

If you (rightfully) think those numbers are dire, just wait until after the General Data Protection Regulation (GDPR) kicks in next year and European organizations are required to report breaches of information that previously may have been kept under wraps.

"With GDPR kicking in next year in Europe, you'll have noticeable data breach" reporting increases, Hart notes. "This is just a drop in the ocean compared to what we're going to see."

Gemalto's midyear report crunches data from all publicly disclosed data breaches around the globe. There were a total of 918 data breaches reported, and more than 500 of those involved an unknown number of compromised accounts, so the full number of exposed records for the first half is actually not available. The company has counted more than 9 billion exposed data records from breaches since 2013 when it first began its Breach Level Index.

The report does not include the most recent big data breach revelation from Equifax.

Personally identifiable information, payment card data, financial data, and medical information were among the types of information exposed in the breaches. Nearly three-fourths of the breaches involved exposure of data that could be used for identity theft, and 74% came from outside attackers, an increase of 23% from last year. Just under 20% were the result of internal inadvertent data loss or exposure.

Encryption remains a missing link for protecting data: less than 1% of the exposed data in the first half of 2017 was encrypted. That's actually a decline of 4% in encryption from the last half of 2016. Overall, 42 of the publicly revealed breaches in the first half of 2017 involved data that was either fully or partially encrypted, which kept the data secured and useless to attackers.

"The annoying thing from my point of view is people just think by applying privacy controls, they are going to solve the problem" of breaches, Hart says. "It's not. That's a false sense of security. Security should be closest to the actual data" you're trying to protect, he says.

The education sector experienced a 103% increase in breaches and a 4,000% jump in the number of resulting exposed data records. That was mostly due to a major insider breach at a Chinese private educational firm earlier this year.

Healthcare suffered the highest number of breaches (228) worldwide, accounting for one-fourth of all such incidents.

Geographically, North America ranked at the top for the number of breaches and exposed data records, with more than 86% of the share in both cases. Breaches there were up 23% and the number of records, up 201%, according to the Breach Level Index.

  

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

 

Related Content:

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mjohnson681
50%
50%
mjohnson681,
User Rank: Apprentice
9/24/2017 | 3:16:32 PM
Make Data Records Worthless for Bad Guys
Instead of trying to continue to unsuccessfully protect data, why not implement sufficient controls to make the data worthless for the bad guys?  See post on LinkedIn.

https://www.linkedin.com/pulse/give-up-cybersecurity-programs-matthew-r-johnson-cpa-cisa
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 9:13:31 AM
Re: A post-privacy world
Rule of Life - your data is ALREADY exposed.  From there, you can proceed to at least control of the type of data your have the world SEE.  I am against SS numbers as identifiers and shut down that practice is a good thing.  Keep any financially significant data OFFLINE as much as you canl.  (I mean on secondary hard drives turned OFF and not spinning.)  Passwords - complex, change frequently.  Monitor documents.  But assume you are already exposed and work from there.
MetLife-dams
50%
50%
MetLife-dams,
User Rank: Apprentice
9/21/2017 | 8:27:58 AM
Re: A post-privacy world
You're totally right, the privacy is already gone. These kind of situation will increase more and more with the time.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
9/20/2017 | 3:00:44 PM
Re: A post-privacy world
The data is certainly discouraging,  especially knowing this doesn't include Equifax nor unreported breaches in Europe, pre-GDPR. The common theme among most of these breaches is a failure in basic security hygeine. 
cybersavior
100%
0%
cybersavior,
User Rank: Strategist
9/20/2017 | 2:30:20 PM
A post-privacy world
It's time to think about how we live and participate in the global financial system with the knowledge that data elements you dutifully protected are now out of control and released.  Your personal data and details are out there.  It's the end of privacy as we know it.  The breaches that this article describes are merely the ones that we know about.  Many/most other companies are or have been owned.  Identification and auhorization need to make a quantum leap in positivity.  Do we submit to chip implantation or choose to live off the financial grid? 
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto, Associate Editor, Dark Reading,  12/4/2017
Tips for Writing Better Infosec Job Descriptions
Kelly Sheridan, Associate Editor, Dark Reading,  12/4/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.