PINDROP BLOG

New Report Shows Depth of Data Breaches Is Worse Than Before

More than six billion consumer records have been compromised in data breaches in just the first six months of this year. That number is higher than the mark for all of 2016, more evidence that attackers are continuing to ramp up their efforts to steal sensitive data.

A new report out this week from Risk Based Security (RBS), a risk management company, shows that in 2017 there have been 2,227 publicly disclosed data compromise events through June 30. While this is in keeping with the number of breaches disclosed mid-way through 2015 and 2016, the total number of records exposed is rising. The depth of these attack is far greater than before, even though the number of attacks have stayed consistent with years past.

“It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents,” said Inga Goddijn, executive vice president at Risk Based Security.

The first quarter of 2017 had the largest breach ever recorded, only to be surpassed by an even larger leak in the second quarter. The amount of information gleamed from each attack is far greater than it was in years past, with significantly bigger “grabs” than in previous years. The first six months of 2017 have seen 160 tracked phishing compromises targeting W-2 tax documents, a 25 percent increase from the year prior. Human resources departments are common recipients of these attacks due to the sensitive information that they  hold.

The business sector was the main area hit, with 57 percent of attacks compromising businesses, while just nine percent affected government). North America accounted for 62.4 percent of breaches, followed by the United Kingdom with only 6 percent. The main type of attacks deployed in the first half of 2017 are hacking (mainly) followed by viruses and malware.

“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity,” Goddijn said.