Nearly two billion data records compromised in first half of 2017: report

More than 900 data breaches led to nearly two billion records being compromised worldwide in the first half of 2017, digital security company Gemalto said in a new report.

In the first six months of this year, 918 data breaches led to 1.9 billion data records being compromised, a “staggering” 164% increase from the number of lost, stolen or compromised records in the last six months of 2016, Gemalto said in a press release earlier this week. While “a large portion” came from the 22 largest data breaches, each involving more than one million compromised records, 59% of the 918 breaches had an “unknown or unaccounted” number of compromised data records.

By industry, healthcare accounted for 25% of the breaches (228 incidents), followed by “financial” (125 incidents) at 14%, education at 13% (118 incidents), retail at 12% (112 incidents) and government at 10% (89 incidents). “Insurance” specifically was only 1%, or 10 incidents, according to the Breach Level Index, Gemalto’s global database of public data breaches.

Most of the industries tracked had more than a 100% increase in the number of compromised, stolen or lost records. Education witnessed one of the largest increases in breaches, up by 103%, with an increase of over 4,000% in the number of records. “This is the result of a malicious insider attack compromising millions of records from one of China’s largest comprehensive private educational companies,” the release said.

Healthcare had a relatively similar amount of breaches compared to the last six months of 2016, but stolen, lost or compromised records increased 423%. The United Kingdom’s National Health Service was one of the top five breaches in the first-half, with over 26 million compromised records. Financial services, government and entertainment were also industries that experienced a significant jump in the number of breached records, with entertainment breach incidents increasing 220% in the first six months of 2017.

Identity theft accounted for the vast majority of breaches (74%, or 680 incidents), up 49% from the previous six months. The number of compromised records in identity theft breaches increased by 255%, the release said. After identity theft, financial access accounted for 13%, or 116 incidents, account access 6% (58 incidents), existential data 6% (52 incidents) and nuisance 1% (12 incidents). “The most significant shift was the nuisance category of data breaches, representing 81% of all lost, stolen or compromised records,” the release said. “However, in terms of the number of incidents, nuisance type attacks were only slightly over 1% of all data breaches.”

Of the 918 incidents, malicious outsiders made up three-quarters of breaches (74%, or 679 incidents), an increase of 23% from the last six months of 2016. However, this source accounted for only 13% of all stolen, compromised or loss records, Gemalto said in the release. Accidental loss accounted for 18%, or 166 incidents, malicious insiders for 8% (71 incidents), and both state-sponsored and unknown accounting for less than 1%, with one incident each. And while malicious insider attacks only made up 8% of all breaches, the amount of records compromised was 20 million, up from 500,000, an increase of over 4,114% from the previous six months.

Geographically, North America still makes up the majority of all breaches and the number of compromised records, both over 86%. The number of breaches in North America increased by 23%, with the number of records compromised skyrocketing by 201%, Gemalto said in the release.

“Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this is poised to change in 2018 when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are enforced,” Gemalto said. Europe currently only had 49 reported data breaches (5% of all breaches), a 35% decline from the previous six months. Asia Pacific had 47 incidents, Africa four, the Middle East three and South America none.

According to the Breach Level Index, more than 9 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. During the first six months of 2017, more than 10 million records were compromised or exposed every day, or 122 records every second, including medical, credit card and/or financial data or personally identifiable information. “This is particularly concerning, since less than 1% of the stolen, lost or compromised data used encryption to render the information useless, a 4% drop compared to the last six months of 2016,” the release said.

Gemalto offers solutions from secure software to biometrics and encryption. In 2016, it had annual revenues of 3.1 billion euros and customers in more than 180 countries.​