ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019

data breaches of the week

The number of exposed records has hit record highs in just the first two quarters.

This year is on track to be the worst year on record for data breach activity, according to a recent analysis.

Within the first six months of this year, there have been 3,813 incidents publicly reported, according to Risk Based Security’s 2019 MidYear QuickView Data Breach Report. That’s up 54 percent compared to this time last year. Meanwhile, the number of exposed records rose by 52 percent in the same timeframe, to reach 4.1 billion.

Eight breaches reported within the first half of 2019 accounted for 3.2 billion records exposed or 78.6 percent of the total records exposed through June 30.

Three of these, in the first quarter, were among the largest breaches of all time, exposing over 100 million records. In Q2, another five breaches were reported as exposing 100 million records or more.

Across the board, email addresses and passwords remain prized targets, with email addresses exposed in approximately 70 percent of reported breaches and passwords exposed in approximately 65 percent of reported breaches. Troves of username and password combinations continue to become available on forums and file-sharing sites, according to the report, while phishing for access credentials — a perennially popular method for gaining access to systems and services – is surging.

“Looking over the first six months of 2019, it is hard to be optimistic on the outlook for the year,” said Inga Goddijn, executive vice president, RBS. “The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.”

Not surprisingly, the business sector (a catch-all category which includes retail, tech companies and others) accounted for 67 percent of reported breaches and 84.6 percent of records exposed. This was followed by medical (14 percent), government (12 percent) and education (7 percent). Hacking remains the No 1 breach type for number of incidents, accounting for 82 percent of reported breaches.

“Quarter after quarter the pattern has repeated itself,” Goddijn said. “The vast majority of incidents are attributable to malicious actors outside an organization. Unauthorized access of systems or services, skimmers and exposure of sensitive data on the internet have been the top three breach types since January of 2018. However, insider actions, both malicious and accidental, have driven the number of records exposed.”

Interested in more on the internet of things (IoT)? Don’t miss our free Threatpost webinar, “IoT: Implementing Security in a 5G World.” Please join Threatpost senior editor Tara Seals and a panel of experts as they offer enterprises and other organizations insight about how to approach security for the next wave of IoT deployments, which will be enabled by the rollout of 5G networks worldwide. Click here to register.

Suggested articles