[BreachExchange] Total number of publicly reported breaches in Q1 2020 down 58% compared to last year

Destry Winant destry at riskbasedsecurity.com
Wed May 13 10:22:12 EDT 2020 

https://www.helpnetsecurity.com/2020/05/12/publicly-reported-breaches-2020/

The total number of publicly reported breaches in Q1 2020 has
decreased by 58% compared to the same period last year, Risk Based
Security reveals.

Publicly reported breaches in Q1 2020 drop dramatically compared to 2019

Despite this, the number of records exposed for this quarter
skyrocketed to 8.4 billion – a 273% increase compared to Q1 2019, and
a record for the same period since at least 2005, when detailed
reporting began.

“Although the total number of publicly disclosed breaches in Q1 2020
dropped dramatically compared to 2019, this should not be interpreted
as a decline in breach activity,” commented Inga Goddijn, Executive
Vice President at Risk Based Security.

“We observed two factors driving this change. First, a large number of
illicit data leaks and dumps were identified in early 2019, resulting
in a temporary spike in activity. Similar spikes had been captured in
the fall of 2018 and 2017, but this trend was absent from the start of
2020.

“The second factor is the disruption triggered by COVID-19. As the
virus spread, so did a decline in breach disclosures. The turmoil that
the pandemic has brought has created a unique opportunity for
malicious actors and a stressful environment primed for mistakes.

“Once the dust settles, we anticipate the number of reported breaches
will be on par with, if not exceed, 2019.”

A misconfigured ElasticSearch

The report explores in further detail how the pandemic, and the
ensuing economic impact, has laid the groundwork for successful cyber
attacks.

“The increase in records compromised was driven largely by one breach;
a misconfigured ElasticSearch cluster that exposed 5.1 billion
records. But even if we adjusted for this incident, the number of
records still increased 48% compared to Q1 2019” commented Inga
Goddijn, Executive Vice President at Risk Based Security.

“On average, hacking exposed an average of approximately 850,000
records per breach and most breaches originated from outside the
organization. We are continually finding that simply meeting
regulatory standards or contractual obligations do little to actually
prevent a breach from occurring.”

UPDATE: 7:54 AM PT – The number in the headline and the article has
been update after Risk Based Security discovered an error in their
report and reached out to Help Net Security.

More information about the BreachExchange mailing list