[BreachExchange] Over 15.1 Billion Records Exposed in Data Breaches in 2019

Thu Feb 13 10:12:04 EST 2020

https://www.securityweek.com/over-151-billion-records-exposed-data-breaches-2019

More than 15.1 billion records were exposed in 2019 as part of the
data breaches that were publicly reported, Risk Based Security
reveals.

The number of exposed records registered a massive 284% spike compared
to the previous year (which had 5.3 billion records exposed), and also
marked a 91% increase compared to 2017 (7.95 billion records).

A total of 7.2 billion records were compromised between October 1 and
December 31, 2019, with four events accounting for 93.5% of these
records. All four involved open, misconfigured databases that were
made publicly accessible.

The number of reported data breaches was of 7,098 last year,
representing only a 1% increase compared to the 7,035 breaches
reported in 2018.

However, the gap is expected to grow in the next two months, as more
2019 incidents are publicly disclosed, Risk Based Security’s 2019 Year
End Data Breach QuickView Report reveals (PDF). Another 250-300
incidents are expected to be added to the list.

Sensitive data was accessible but not confirmed as stolen for 22.6% of
the incidents. There were “three breaches that compromised 1 billion
records or more exposed transaction logs,” but the number of impacted
people is much lower than the 7.6 billion exposed records.

Of the 15.1 billion records exposed last year, 13.5 billion were
compromised via the web, specifically inadvertent exposure of data
online, the report reveals. Hacking exposed 1.5 billion records, while
the other types of incidents combined exposed 120 million records.

Hacking, however, accounted for 5,184 of the reported data breaches,
while there were only 343 web incidents reported.

“There are plenty of malicious actors ready to take advantage of any
and every shortcoming or oversight. Hacking, defined as unauthorized
intrusion into systems, has been the top breach type by number of
incidents for every year of the past decade except for 2010,” Risk
Based Security notes.

The information sector emerged as the leader in the number of data
breaches, with 614 incidents, with the healthcare sector following on
the second position, at 512, and finance and insurance landing on the
third, with 435 incidents.

Most of the data breaches in the information sector (88%) can be
attributed to software publishers, data processing and hosting
services, and Internet publishing companies.

By November, more than 38 million healthcare records had been exposed
in the United States, impacting 11.64% of the population, data from
the U.S. Department of Health and Human Services Office for Civil
Rights breach portal revealed. However, only breaches impacting more
than 500 individuals are added to the portal.

A total of 368 third-party breaches were reported in 2019, exposing
over 4.7 billion records, with an average number of exposed records of
roughly 13 million per breach.