[BreachExchange] ‘Stunning’ growth in records exposed in data breaches

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 8 20:16:39 EDT 2017


http://assetfinanceinternational.com/index.php/technology/technology-archive/technology-articles/15718-stunning-growth-in-records-exposed-in-da

The scale of data breaches affecting consumers and companies has been
revealed in new research that shows six billion records were compromised in
the first half of 2017.

There were 2,227 publicly disclosed ‘data compromise events’ to the end of
June, which is broadly similar to 2015 and 2016, but the total number of
exposed records has already broken last year’s record figure.

Inga Goddijn, executive vice president for Risk Based Security, which
revealed the figures in its mid-year Data Breach QuickView report, said:
“It is stunning to see the steady increase in the number of breaches
impacting one million or more records.

“In the first six months of 2013, 2014 and 2015, the number of these large
breaches hovered in the mid-teens. Last year we saw that number jump to 28,
and now, for the first six months of this year, we’re tracking 50 such
incidents.”

The first quarter of 2017 saw the single largest breach disclosed, only for
it to be beaten by a second record breach during Q2. Another trend that has
accelerated in 2017 is the targeting of tax data.

In addition to scamming HR professionals, organizations that aggregate such
data were also targeted. A number of accounting firms and payroll service
providers were breached along with third-party service providers.

In one case, vulnerable code in a service platform was exploited, resulting
in the compromise of approximately 5.5 million job seekers’ names,
addresses, dates of birth and social security numbers.

Hacking accounted for 41% of disclosed breaches, with Goddijn warning:
“There are a lot of moving parts to an effective patch management program,
but no matter how strong that process might be, it can be undermined when
known vulnerabilities are missed simply because the organization was not
aware to look for them.

“The breach activity we are tracking this year is a stark reminder of just
how many data compromise incidents are motivated by financial gain. As long
as information can be quickly monetized and systems remain vulnerable to
attack, we should not expect to see any slowdown in breach activity”.

The USA dominates the list of the number of data breaches by country and
was second when it came to the volume of records exposed, but several
European countries are also named.

The warning comes as finance companies throughout Europe race to be
compliant with the new EU General Data Protection Regulation (GDPR).

The GDPR, which comes into force in May 2018, strengthens data protection
regulations for all individuals within the EU and aims to give control of
personal data back to consumers.

The new rules identify personal data as any information relating to an
individual, whether it relates to private, professional or public life. It
can be anything from a name, a home address, a photo, an email address,
bank details, posts on social networking websites, medical information, or
a computer’s IP address.

Difficult elements include the ability of consumers to challenge automated
individual decision-making, including profiling and algorithm-based
assessments.

Risk Based Security provides detailed infor