Data Breaches Rise: Report

Tuesday, March 1, 2016 @ 06:03 PM gHale


Attacks keep rising and losses because of data breaches continue to escalate, a new study found.

Over the past 12 months, data security company Gemalto’s researchers observed and inventoried 1,673 data breaches that leaked over 707 million data records.

RELATED STORIES
Breach Detection Better; Attacks on Rise
Multi-APT’s Linked to One Attack Group
ICS-CERT BlackEnergy Report
BlackEnergy in other Ukraine Systems

The numbers are huge, but mainly driven by a series of big-name incidents. Among them are the Anthem Insurance data breach (78.8 million records), the Turkish General Directorate of Population and Citizenship Affairs data breach (50 million records), the Korea Pharmaceutical Information Center data breach (43 million records), the U.S. Office of Personnel Management data breach (22 million), and the Experian data breach (15 million records), according to Gemalto’s bi-annual Breach Level Index report.

While these incidents got all the headlines, they are not entirely representative of the entire spectrum of recorded data breaches.

Gemalto security analysts said during 2015 most breaches ended up conducted by malicious outsiders (964 incidents, 58 percent), were the result of an accident (398 incidents, 24 percent), or of an insider’s actions (238 incidents, 14 percent). Hacktivists and state-sponsored groups also played a role, but accounted for over 4 percent combined.

Most of the leaked records are from the government sector (307 million records, 43 percent), followed by healthcare [134 million records, 19 percent], the technology field (84 million records, 12 percent), retail (40 million, 6 percent), and education (19 million, 3 percent).

The most targeted country remains the U.S., which saw 1,222 data breaches. The rest of the top 5 consists of the UK with 154 incidents, Canada with 59 incidents, Australia with 42 incidents, and New Zealand with 22 incidents. In spite of its huge size, China recorded 8 incidents.

In 53 percent of all incidents, hackers were after identity and personal information, while in 22 percent of the incidents, the attackers targeted financial data. Other reasons for breaking into databases were to steal account access credentials (11 percent), existential data (10 percent), or just as a nuisance (hacktivism) (4 percent).