[BreachExchange] Data breaches increased 54% in 2019 so far

Destry Winant destry at riskbasedsecurity.com
Fri Aug 16 08:44:11 EDT 2019


The year 2019 is shaping up to be a landmark one for data breaches, as
it has seen over 3,800 breaches—a 50% or greater increase over the
last four years, according to a report published by Risk Based
Security on Wednesday.

"Between 2015 and 2018, the variation in the number of reported
breaches was less than 200 incidents. For the first six months of
2019, the number of breaches increased by 54% compared to the same
time last year," the report states, adding that a high volume of leaks
of relatively few records skews, somewhat, this measure.

In contrast, the number of records exposed in the first half of 2019
is 30% lower compared to the same time frame in 2017, according to the
report—though this may change in the second half of the year, as
recent reports detail the full extent of the data exfiltrated by Paige
A. Thompson, the hacker accused in the Capital One data breach, is
said to possess "multiple terabytes of data stolen… from more than 30
other companies, educational institutions, and other entities,"
according to court documents obtained by ZDNet.

Despite concerns raised in the cybersecurity community about insider
threats, 89% of breaches are the result of outside attacks, though the
report notes that "more and more sensitive data is exposed when
insiders fail to properly handle or secure the information," pointing
to misconfigured databases and services representing 149 of 3,813
incidences reported so far this year resulting in the exposure of over
3.2 billion records.

Risk Based Security also points to the dangers of placing sensitive
data in the hands of third parties, naming the American Medical
Collection Agency (AMCA) breach, in which "hackers infiltrated AMCA's
network and pilfered over 22 million debtors' records including data
such as names, addresses, dates of birth, Social Security numbers and
financial details" as a critical event. "These breaches be more
difficult to manage given the multiple parties involved, they can also
have more damaging consequences for the individuals whose data is
exposed in the event," the report said, noting that the breach has
severe consequences for AMCA, as the company "was forced into filing
for bankruptcy protection a mere 2 weeks after news of the breach made

Healthcare services are the single highest affected industry,
according to Risk Based Security, with Retail, Finance/Insurance,
Public Administration, and IT rounding out the top five.

More information about the BreachExchange mailing list