[BreachExchange] 3 months, 1900 reported breaches, 1.9 billion records exposed

[Destry Winant]

https://www.helpnetsecurity.com/2019/05/09/2019-publicly-reported-breaches/

There were 1,903 publicly disclosed data compromise events in the
first three months of the year, exposing over 1.9 billion records,
according to Risk Based Security.

No other first quarter has seen this level of activity, putting 2019
on pace to be yet another “worst year on record” for the number of
publicly reported breaches.

“The number of data leaks – both in the form of open, unsecured
services and credentials leaks – reached new levels this quarter,”
commented Inga Goddijn, executive vice president and head of Cyber
Risk Analytics.

“Researchers are increasingly going public when they discover sizable,
unprotected databases containing sensitive information and
unfortunately, they aren’t terribly difficult to find when you know
where to look.” The report finds that 67.6% of records compromised in
Q1 were due to exposure of sensitive data on the Internet.

A particular area of interest for the research team is breach event
timelines. Throughout 2018, the QuickView Reports focused on analysis
of the time interval between the date an incident is first discovered
by the breached organization, to the date the incident is first
publicly disclosed.

Initial research indicated the gap between discovery and disclosure
incrementally shrank from 2014 though the first quarter of 2018, but
stalled for the remainder of the year.

This lack of improvement prompted a new focus for 2019: digging deeper
into the factors that may be influencing why some organizations are
quicker to disclose a breach than others. This quarter, analysis
focused on whether there is a correlation between discovery method and
time to disclose.

The theory being, organizations that are better able to detect a
breach will also be better positioned to respond swiftly.

In an interesting twist, the data did indeed show there is a
correlation between discovery method and time to disclose, but it was
not the expected outcome.

In Q1 2019, organizations that were alerted to the event from external
sources – such as law enforcement, researcher or customer reporting,
fraud monitoring or actor disclosure – were on average 31 days quicker
to publicly disclose the event than organizations that learned of the
incident through internal sources.

“Clearly our hypothesis, that organizations finding their own breaches
will report them faster, was dead wrong this quarter,” commented Ms.
Goddijn.

“We will be following this metric closely throughout the year. For
now, it’s too early to say whether the result we found for this
quarter is an outlier or a fairly typical outcome.”