[BreachExchange] Data breaches up 54% YOY, 2019 set to be 'worst year on record'

Destry Winant destry at riskbasedsecurity.com
Fri Aug 23 10:13:42 EDT 2019


Dive Brief:

- Reported breaches rose 54% this year compared to midyear 2018,
surpassing 2016 as the "worst year on record," according to
RiskBased Security research on data breaches that occurred during the
first six months of 2019.
- Eight breaches exposed more than 3.2 billion records, accounting for
nearly 80% of the compromised records so far this year. This year,
most reported breaches had a low to moderate impact, exposing 10,000
records or fewer.
- Even though data leaks expose fewer than 230 records on average,
their frequency contributed to the 52% spike in compromised records
from last year.

Dive Insight:

For customers that have to deal with the cleanup of a data breach, it
doesn't matter if millions of other consumers were compromised
alongside them.

Tens of thousands of MoviePass customers' credit and debit card
numbers and personal data were left open on an unprotected server,
TechCrunch reported Tuesday. A security researcher informed the movie
ticket subscription company of the vulnerable database, which held
millions of other records and continues to grow in real time.

"Technically, this breach can be interpreted as the company giving
away customer data for free," said Kevin Gosschalk, CEO of Arkose
Labs, in an emailed statement to CIO Dive. Mishandling security
controls contributes to bad actors' favored breach method:
locating companies with open or vulnerable databases.

Since January 2018, unauthorized access to systems or services,
skimmers and unintentional exposure of personal data on the internet
have accounted for the top three types of breaches, according to
RiskBased Security. Malicious insiders also contributed to nearly 7
billion exposed records in the last 18 months.

Non-malicious insider threats are more common. Insiders
unintentionally mismanage security controls, which can result in open
servers, as seen with MoviePass.

Capital One and Equifax had issues with web application
configurations; a relatively simple mitigation would have protected
them from unwanted intruders. When hackers can find vulnerable
companies that house data as a third party, it amplifies the risk for
the primary business.
