Major Data Breaches Increasing At Alarming Pace

Posted by Anna Lothson on Jul 28, 2017 8:00:00 AM

Globally and within the U.S., data breaches are a rapidly-growing concern across many industries. A new study indicates 2017’s figures (just halfway through the year) are trending above the total number of breaches seen in all of 2016.

The study, conducted by cyber analytics firm Risk Based Security, reviewed data breaches on a global scale and indicated that between Jan. 1 and June 30 of this year, there have been at least 2,227 breaches. That figure is only including breaches that were publicly disclosed — suggesting the actual data breach figure is far above what this study recorded.

“It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents,” said Risk Based Security Executive Vice President Inga Goddijn.

What was even more problematic, Goddijn said, was the fact that 2017 brought out a massive breach in the first quarter of the year (China with 2 billion records), only to be followed in the second quarter by an even bigger breach of 2.3 billion records from River City Media in the U.S. The report indicated that the U.S. accounted for 61.4 percent of all breaches, and roughly a third of all exposed records so far in 2017.

As for U.S. states impacted the most, Washington ranked first (1.4 billion records exposed, or 73%). Other states — California, Texas, Florida, New York, Pennsylvania, Virginia, Ohio, Illinois, Maryland and North Carolina – accounted for roughly 50 percent of all the U.S. breaches in 2017 as of June 30.

Key Trends Highlighted in the Report

  • Tax data a hot-ticket item: Hackers going after tax data is a new trend that has risen in 2017. Phishing attacks compromising W-2 data hit more than 200 incidents.
  • Accounting firms and payroll service a key target: Organizations that aggregate data are a target for hackers. In one instance, 5.5 million job seekers' personal data (including SSN#) were compromised.
  • 2017 is setting data breach records: 4 of the breaches recorded (+6B records) were on the Top 10 list of all-time largest data breaches.
  • Breaches are getting bigger and are concentrated: 10 breaches accounted for a majority of all records exposed (5.6B of the 6B exposed). 77% of the breaches came from just 10 countries.
  • Social Security numbers are at an increased risk: Breaches impacting social security numbers grew to 26.1% in the first half of 2017 (up from 17.6% in 2016).
  • Hacking remains the top cause of data breaches: Hacking accounts for 41% of data breaches.
  • Skimming is a major cause of data breaches: 272 breaches in the first half of 2017 were a result of card reader skimming.
  • Breach detection is still a major problem for most companies: Roughly 50% of the time, external parties alert companies to breaches and companies are not able to detect the incidents on their own. Of the 2,227 breaches in the report, only 443 were from internal sources.

'A Lot Of Moving Pieces'

“There are a lot of moving parts to an effective patch-management program, but no matter how strong that process might be, it can be undermined when known vulnerabilities are missed simply because the organization was not aware to look for them,” Goddijn said.

That's one key point organizations should make note of when considering what fraud detection solution is right for their company. WIthout being proactive about fraud prevention, companies risk becoming the next major breach statistic. 

“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity,”Goddijn concluded.