[BreachExchange] 2017, Yet Another “Worst Year Ever” For Data Breaches

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 14 19:11:40 EST 2017


https://www.riskbasedsecurity.com/2017/11/2017-yet-another-
worst-year-ever-for-data-breaches/

Risk Based Security today announced the release of its Q3 2017 Data Breach
QuickView report, showing there have been 3,833 publicly disclosed data
compromise events through September 30th. The pace of disclosures began to
steadily increase in July, peaking in September with over 600 reported
breaches reported for the month.

“The events at Equifax dominated the news in Q3 – and rightly so,”
commented Inga Goddijn, Executive Vice President for Risk Based Security.
“The breach stands out for so many reasons, ranging from the sheer size of
the data loss to the poor handling of the response. But the attention
masked several other events such as the Sonic and Piriform compromises
that, in any other month, would be high profile breaches in their own
right.”

One trend that stood out to the RBS research team was the number of leaks
targeting access credentials for popular streaming services. Login
information from unrelated organizations is being acquired from other leaks
or websites and tested against service providers like Netflix, Hulu,
Spotify and several others. Once validated, the credentials are being
leaked and used to take advantage of premium subscriptions. While this
practice is not new – there is a steady stream of such leaks every quarter
– there was a noticeable uptick in this activity in Q3.

“Over the past few years, quarter after quarter, we have seen how popular
it is to target account credentials. However, in the first half of 2017, it
was one of the few times that we saw usernames, email address and passwords
fall out of the top spots of data types most compromised. That trend has
faded and once again, we’re seeing access credentials return as the most
exposed data types” Ms Goddijn added.

The trends are not all bad news however. A combination of factors,
including fewer records compromised per breach and a shift away from data
breaches exposing Social Security numbers and other higher value data, has
pushed breach severity scores lower for the quarter. Ms Goddijn comments,
“while we are tracking more data breaches, we are seeing the severity skew
lower in Q3 compared to the first half of the year. It’s a trend we hope to
see continue for the remainder of the year.”

Risk Based Security has been capturing and aggregating data breach events
for well over a decade. The wealth of breach data coupled with actionable
security ratings for organizations has made Risk Based Security a leader in
vendor risk management, cyber insurance and risk modeling. For more
information, contact Risk Based Security at 855-RBS-RISK or visit
www.riskbasedsecurity.com.

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the research conducted
by Risk Based Security. It is designed to provide an executive level
summary of the key findings from RBS’ analysis of breach activity disclosed
in 2017. Contact Risk Based Security for any specific analysis of the 2017
data breaches of specific interest to your organization.

You can get your copy of the Q3 2017 Data Breach QuickView Report here:

https://pages.riskbasedsecurity.com/2017-q3-breach-quickview-report
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171114/0a5dc9d7/attachment.html>


More information about the BreachExchange mailing list