<div dir="ltr"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://www.riskbasedsecurity.com/2018/02/over-5200-data-breaches-make-2017-an-exceptional-year-for-all-the-wrong-reasons/">https://www.riskbasedsecurity.com/2018/02/over-5200-data-breaches-make-2017-an-exceptional-year-for-all-the-wrong-reasons/</a></div><div dir="ltr"><br></div><div dir="ltr"><span style="font-weight:400">Risk Based Security today announced the release of the </span><a href="https://pages.riskbasedsecurity.com/2017-ye-breach-quickview-report" target="_blank" rel="noopener"><span style="font-weight:400">2017 Data Breach QuickView Report</span></a><span style="font-weight:400">,
showing that once again, the record has been broken for both the most
breaches and the most data compromised in a year. There were 5,207
breaches recorded last year, surpassing 2015’s previous high mark by
nearly 20%. The number of records compromised also surpassed all other
years with over 7.8 billion records exposed, a 24.2% increase over
2016’s previous high of 6.3 billion.</span></div><div dir="ltr"><br></div><div dir="ltr"><a href="https://pages.riskbasedsecurity.com/2017-ye-breach-quickview-report">https://pages.riskbasedsecurity.com/2017-ye-breach-quickview-report</a></div><div dir="ltr"><br></div><div dir="ltr"><p><span style="font-weight:400">“The level of breach activity this
year was disheartening”, commented Inga Goddijn, Executive Vice
President for Risk Based Security. “We knew things were off to a bad
start once the phishing season for W-2 data kicked into high gear. But
by the time April 18th came and went, breach disclosures leveled off and
we went into summer hopeful the worst was behind us. Unfortunately,
that wasn’t the case.”</span></p>
<p><span style="font-weight:400">The increased level of breach
activity has been observed by the cyber insurance industry as well.
Manny Cho, EVP at Risk Placement Services, a national insurance
brokerage and sponsor of the Year End QuickView Report added, “</span><span style="font-weight:400">the use of malware and ransomware such as WannaCry and <a href="https://www.riskbasedsecurity.com/2017/06/wannacry-wakeup-call-not-heard/" target="_blank" rel="noopener">NotPetya</a>
impacted companies and individuals across the globe. While large
breaches continue to grab the headlines, SMEs are losing money and
assets to hacker organizations every day thanks to increased phishing
and spoofing attacks.” </span></p>
<p><span style="font-weight:400">In addition to the number of breaches
and amount of data lost, 2017 stood out for another reason. For the
past eight years, hacking has exposed more records than any other breach
type. In 2017, breach type Web – which is largely comprised of
accidentally exposing sensitive data to the Internet – took over the top
spot compromising 68.8% or 5.4 billion records. Hacking still remained
the leading breach type, accounting for 55% of reported incidents, but its
impact on records exposed fell to the number two spot, with 2.3 billion
records compromised. For the first time since 2008, inadvertent data
exposure and other data mishandling errors caused more data loss than
malicious intrusion into networks.</span></p>
<p><span style="font-weight:400">“We’re seeing a lot of interest in
calling out organizations that mishandle sensitive data”, said Ms
Goddijn. “Several of the security researchers that are actively engaged
in searching for exposed datasets are no longer willing to keep their
findings confidential. Likewise, more individuals are calling out
breaches when they discover their own data is exposed.”</span></p>
<p><span style="font-weight:400">A prime example of this is the </span><a href="https://www.bloomberg.com/news/articles/2017-08-24/insurer-aetna-reveals-hiv-status-of-clients-in-mailing-to-12-000" target="_blank" rel="noopener"><span style="font-weight:400">August breach impacting 11,887 Aetna members</span></a><span style="font-weight:400">.
An unnamed mail processing vendor working for Aetna sent letters to HIV
patients, informing them of changes to the prescription fulfillment
process. Unfortunately the lettershop used envelopes with an especially
large glassine window, exposing highly sensitive HIV status information.
The breach was brought to light by a letter recipient – triggering both
civil lawsuits and an investigation by the New York Attorney General
and ending with Aetna agreeing to pay $18.3 million in order to settle
the various proceedings. While this is an extreme example, 2017 saw many
other situations where customers, clients and unrelated third parties
discovered the problem and chose to take action.</span></p>
<p><span style="font-weight:400">Comparing the number of breaches
discovered internally to the number of breaches found by outsiders
highlights one dynamic behind the trend. Of the 3,904 breaches with a
confirmed discovery method, only 728, or 18.6%, were discovered by the
organization responsible for protecting the data. The remaining 3,176
were found by law enforcement, external fraud detection or monitoring,
customers, or unrelated parties including disclosure by the malicious
actors themselves. While there is not a direct correlation between
discovery method and interest in publicizing breach activity, this
data does show that the majority of breaches still go undetected by the
compromised organization.</span></p>
<p><span style="font-weight:400">Risk Based Security has been
capturing and aggregating data breach events for well over a decade. The
resulting wealth of breach data coupled with actionable security
ratings for organizations has made Risk Based Security a leader in
vendor risk management, cyber insurance and risk modeling. For more
information, contact Risk Based Security at 855-RBS-RISK or visit
<a href="http://www.riskbasedsecurity.com">www.riskbasedsecurity.com</a>.</span></p><br><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>