Gemalto, a leader in digital security, released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 18 data breaches led to 203.7 million data records being compromised in India in the first half of 2017.
Compared to the last six months of 2016, the number of lost, stolen or compromised records increased by a staggering 167 million with 61 percent of data breach incidents being identity theft. Globally, a large portion of the 1.9 billion stolen or compromised data records came from the 22 largest data breaches, each involving more than one million compromised records. Of the 918 data breaches recorded worldwide more than 500 (59 percent of all breaches) had an unknown or unaccounted number of compromised data records.
In India, the malicious outsider attack on Zomato exposing 17 million records globally become the sixth biggest data breach in first half of 2017. Also, the continuous attacks on Aadhaar data was another significant data breach that put focus on the financial access and identity theft breaches occurring in India.
“IT consultant CGI and Oxford Economics recently issued a study, using data from the Breach Level Index and found that two-thirds of firms breached had their share price negatively impacted. Out of the 65 companies evaluated the breach cost shareholders over $52.40 billion,” said Jason Hart, VP and CTO, Data Protection at Gemalto.
“We can expect that number to grow significantly, especially as government regulations in the U.S., Europe and elsewhere enact laws to protect the privacy and data of their constituents by associating a monetary value to improperly securing data. Security is no longer a reactive measure but an expectation from companies and consumers.”
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.
According to the Breach Level Index, more than 9 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. During the first six months of 2017, more than 10 million records were compromised or exposed every day, or 122 records every second, including medical, credit card and/or financial data or personally identifiable information.
This is particularly concerning, since less than 1 percent of the stolen, lost or compromised data used encryption to render the information useless, a 4 percent drop compared to the last six months of 2016.
Primary sources of data breaches
Malicious outsiders made up the largest percentage of data breaches (74 percent), an increase of 23 percent. However, this source accounted for only 13 percent of all stolen, compromised or lost records. While malicious insider attacks only made up 8 percent of all breaches, the amount of records compromised was 20 million up from 500,000 an increase of over 4,114 percent from the previous six months.
Leading types of data breaches
For the first six months of 2017, identity theft was the leading type of data breach in terms of incident, accounting for 74 percent of all data breaches, up 49 percent from the previous semester. The number of records compromised in identity theft breaches increased by 255 percent.
The most significant shift was the nuisance category of data breaches representing 81 percent of all lost, stolen or compromised records. However, in terms of the number of incidents, nuisance type attacks were only slightly over 1 percent of all data breaches. The number of compromised records from account access attacks declined by 46 percent, after a significant spike in the 2016 BLI full year report.
For most of the industries, the Breach Level Index tracks had more than a 100 percent increase in the number of compromised, stolen or lost records. Education witnessed one of the largest increases in breaches up by 103 percent with an increase of over 4,000 percent in the number of records. This is the result of a malicious insider attack compromising millions of records from one of China’s largest comprehensive private educational companies.
Healthcare had a relatively similar amount of breaches compared to the last six months of 2016, but stolen, lost or compromised records increased 423 percent. The UK's National Health Service was one of the top five breaches in the first half with over 26 million compromised records.
Financial services, government and entertainment were also industries that experienced a significant jump in the number of breached records, with entertainment breach incidents increasing 220 percent in the first six months of 2017.
North America still makes up the majority of all breaches and the number of compromised records, both above 86 percent. The number of breaches in North America increased by 23 percent with the number of records compromised skyrocketing by 201 percent.
Traditionally, North America has always had the largest number of publicly disclosed breaches and associated record numbers, although this is poised to change in 2018 when global data privacy regulations like the European General Data Protection Regulation (GDPR) and Australia’s Privacy Amendment (Notifiable Data Breaches) Act are enforced.
Europe only had 49 reported data breaches (5 percent of all breaches), which is a 35 percent decline from the previous six months.