Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

Report: Nearly 200 Million Records Compromised In Q1

More than 250 breaches were disclosed in Q1 2014, SafeNet report says.

More than 250 data breaches occurred in the first quarter of 2014, resulting in the compromise of nearly 200 million records, according to a report published this week.

According to SafeNet's "Breach Level Index," the pace of compromised data in Q1 amounted to approximately 93,000 records per hour, a 233 percent increase over the same quarter in 2013.

Interestingly, despite much discussion of retail security following breaches at Target and other retailers in Q4 2013, the retail industry accounted for just 1 percent of the records lost in Q1, and just 10 percent of the breaches. The financial industry was hit hardest during Q4, accounting for 58 percent of records lost. The technology industry accounted for 20 percent of lost records. The healthcare industry was hit hard in terms of breach events, accounting for 24 percent of all breaches, but only 9 percent of data records lost.

South Korea took the top spot of all countries with four of the top five breaches worldwide and a loss of 158 million records across a variety of industries. This represents 79 percent of the total number of reported breached records worldwide. These four breaches included the Korea Credit Bureau, Korean Medical Association, Korea Telecom, and Naver, a major Korean search portal. While the number of South Korean breached records was extremely high, the number of breach incidents in Asia/Pacific as a whole accounted for only 7 percent of the total number of global breaches, dwarfed by the 78 percent (199 incidents) that occurred in North America and 13 percent in Europe.

Malicious outsiders accounted for 156 (62 percent) of total incidents during the first quarter, compromising more than 86 million records stolen. Malicious insiders accounted for just 11 percent of total incidents, but they were much more effective, accounting for 52 percent of records stolen. Accidental loss represented 25 percent of total incidents, while hacktivist and state-sponsored attacks added up to just 2 percent of the total.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BobH088
50%
50%
BobH088,
User Rank: Apprentice
5/2/2014 | 10:53:44 AM
solution
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information.  I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/1/2014 | 5:06:08 PM
Re: Confusing description of the amount of records breached
Yes, you would think these numbers would spur some action..We'll see.
Duane T
100%
0%
Duane T,
User Rank: Apprentice
5/1/2014 | 12:13:44 PM
Confusing description of the amount of records breached
"the pace of compromised data in Q1 amounted to approximately 93,000 records per hour"

Does that mean the average was 93,000 records per hour, or that we're on pace to reach that level? I was left looking for additional follow up, as I usually see a continued "size of problem" explanation that might be even scarier "if this rate of increase continues, we'll reach 1B records" or some other scary figure.

Why does this matter? Sometimes such a summary puts the figure into a perspective that can spur action.  The previous commentor knows exactly where this goes, since 1B records would mean that every US cititzen would have their records stolen 3 times. That may or may not happen, however, this is a very possible outcome of the tread from this article. I don't know what it will take but these numbers should spur deeper and more serious thinking about security for retailers and other firms.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/1/2014 | 10:28:41 AM
Tip of the iceberg
What is amazing to me is this is just the numbers that were reported.  Many times when a breach occurs the organization covers up the incident rather than reporting it.  Other times, a breach occurs and no one notices.

To put this number into perspective, lets imagine that each of the 200 million records was a unique record for someone living in the USA.  That would mean that 63% of all Americans had a compromised record in the first quarter of this year.
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline,  5/14/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11809
PUBLISHED: 2019-05-20
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVE-2019-12198
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.