Publicly Reported Data Breaches Fall, But Records Exposed EscalatesPublicly Reported Data Breaches Fall, But Records Exposed Escalates
Misconfigured data bases and services are driving the increase in exposed records.
August 17, 2020
The number of publicly reported data breaches is at a five-year low, but the number of records exposed has skyrocketed.
That’s according to Risk Based Security‘s 2020 Mid-Year Data Breach QuickView Report. The report explores how supply chain disruptions due to COVID-19 have impacted data breach reporting and influenced other trends. In addition, Risk Based Security explains the cause behind the alarming amount of records exposed.
The report covers data breaches reported between Jan. 1 and June 30.
There were 2,037 publicly reported data breaches through June 30. That’s a 52% decrease over the first six months of 2019. And it is 19% below the same time period for 2018.
There were 27 billion exposed records during the six-month period. That exceeds the total number of records exposed during all of 2019 by more than 12 billion.
Large Data Breaches Drive Exposed Records Increase
Inga Goddijn is executive vice president at Risk Based Security.
Risk Based Security’s Inga Goddijn
“There are a couple of factors in play,” she said. “First, the first six months of 2019 was something of an anomaly. Last year our team picked up a number of leaked databases at once, which really pushed up the number of breaches coming to light last year. Comparing 2020 to 2018, we see breach disclosures are down about 19%, which we believe is attributable to temporary disruptions in disclosures. As for the number of records exposed, there have been three very large breaches – misconfigured databases exposing extraordinary amounts of data – that is driving the increase.”
Other findings include:
The driving force behind the number of records exposed continues to be misconfigured data bases and services.
The two largest breaches ever reported came to light during the second quarter of 2020. They account for more than 18 billion of the 27 billion records put at risk.
The number of payment card details exposed in the first six months of 2020 surpassed 90 million records.
There were even more Social Security/national identity numbers, financial account numbers and dates of birth exposed during this time period.
Four economic sectors accounted for more than half of reported breaches. Those are information, health care, finance and insurance, and public administration.
The information sector accounted for 14.5% of reported breaches. Software providers, hosting and other online services accounting for 86.5% of the information sector breaches.
The health care sector nearly matched the information sector, accounting for 14.3% of the reported breaches.
Mistakes and Disruption
“Any major rupture to normal operations can be a field day for attackers as well as creating a lot more opportunities for mistakes to happen,” Goddijn said. “From our perspective, we see COVID-19 having an impact on the pace of information being surfaced about breaches. The jury is still out, but I think some of the decline we’re seeing this year is due to disruptions in the information supply chain.”
It’s surprising to see such a contrast between the first six months of 2020 the same period for 2019, she said.
“We knew the breach count for the first few months of 2019 was influenced by an unusually high number of data leaks our research team picked up. And looking at the trends over time, it’s fairly clear 2019 stands apart from other years,” Goddijn said. “So we expected some leveling off in the breach counts this year. But that said, it was surprising to see the number of disclosed breaches drop below 2018 numbers.”
“The report highlights that even in the middle of a pandemic, organizations still need to be very mindful about security issues,” said Jake Kouns, Risk Based Security’s CEO and co-founder. “With IT staff facing additional pressure and companies struggling with budget issues, this means that MSPs need to provide great security services with additional value for a reasonable cost.”
Read more about:Agents
About the Author(s)
You May Also Like
AWS re:Invent Partner, Vendor News: Cisco, Salesforce, MoreDec 01, 2023
People on the Move: Comcast, Cisco, NICE, TPx, Barracuda, MoreNov 29, 2023
AWS re:Invent 2023 Partner News: Marketplace, Salesforce, Certs, MoreNov 29, 2023
AWS re:Invent Expo: VMware, Snyk, HPE, More Showcase Cloud, Security, AINov 28, 2023