Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Data Leakage

09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb

Gemalto: 4.5B Records Breached in First Half of 2018

Gemalto's Breach Level Index showed a staggering 133% increase in data breaches between the first half of 2017 and the first six months of this year. However, most of this malicious activity is attributable to two incidents - one involving Facebook.

Anyone paying attention to headlines in the past several months can see that the number and frequency of data breaches is creeping upwards. Now, Gemalto is putting an actual figure to these security incidents and the result is staggering.

In the first half of this year, Gemalto's Breach Level Index (BLI) recorded more than 4.5 billion records breached or compromised throughout the globe. That's a whopping 133% increase compared to the same time period in 2017, and more than double than the amount of data breached reported all of last year.

Additionally, the BLI has gone over 2 billion records in the first half of this year, which is a feat that hasn't been accomplished since 2013, when Yahoo got eaten up and blew out the records of 3 billion users.

Why does Gemalto's BLI look like the National Debt Clock in NYC? Is this an aberration or a trend? Well, both.

There were two massive incidents during the reporting period. In the first incident in April, malicious actors scraped public profile information from most of Facebook's 2 billion plus users. The second breach in early January involved the sale of an anonymous service that allowed anyone with 500 rupees to access all 1.2 billion Indian citizens' personal data. (See Facebook Privacy Policy Is Under Investigation by FTC.)

Those are the aberration points.

If these hadn't happened, however, the number of compromised records would actually have been around 30% less compared to the first half of 2017. Which may be a different trend hiding there under all that noise.

Total incident numbers were down for the reporting period as well. There were 945 security events observed in the first half of 2018, which is 18.7% fewer than the 1,162 breaches disclosed in the first half of 2017.

No other source of data breaches -- in terms of absolute numbers -- came close to what malicious outsiders were able to do in the first half of 2018. The number of records exposed by external attackers rose by 1,294% to 3,648,160,927 which is 80% of the total number of records that were breached.

Individual breach incidents were also most caused by malicious outsiders, the report found. But only 56% of the total incident occurrence was due to them.

Accidental loss was a strong second source with 34% of the incidents ascribed to this category. This would be 19% of the total number of records breached. Accidental loss was the most prevalent source that the report found in the first six months of 2017, so there have been some changes in source totals over a year.

The data that was breached was usually identity theft related. This accounted for 3,972,437,893 compromised records, which is approximately 87% of the accounts that were breached in the first six months of this year.

ID theft is growing as well. Gemalto found an identity theft growth of 1,128% compared to the previous year.

Though it is simple to point at the giant social media breaches, other sectors such as industrial, professional services, hospitality and healthcare all saw increases in compromised records, according to Gemalto.

A report like this one can give some structure to the file breach situation faced by the security team, and help to focus their efforts.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-05
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
PUBLISHED: 2020-08-05
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
PUBLISHED: 2020-08-05
IBM UrbanCode Deploy (UCD),,, and is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
PUBLISHED: 2020-08-05
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered c...
PUBLISHED: 2020-08-05
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to cre...