Misconfigured data bases and services are driving the increase in exposed records.

Edward Gately, Senior News Editor

August 17, 2020

3 Min Read
Data Breach
Shutterstock

The number of publicly reported data breaches is at a five-year low, but the number of records exposed has skyrocketed.

That’s according to Risk Based Security‘s 2020 Mid-Year Data Breach QuickView Report. The report explores how supply chain disruptions due to COVID-19 have impacted data breach reporting and influenced other trends. In addition, Risk Based Security explains the cause behind the alarming amount of records exposed.

The report covers data breaches reported between Jan. 1 and June 30.

There were 2,037 publicly reported data breaches through June 30. That’s a 52% decrease over the first six months of 2019. And it is 19% below the same time period for 2018.

There were 27 billion exposed records during the six-month period. That exceeds the total number of records exposed during all of 2019 by more than 12 billion.

Large Data Breaches Drive Exposed Records Increase

Inga Goddijn is executive vice president at Risk Based Security.

Goddijn-Inga_Risk-Based-Security.jpg

Risk Based Security’s Inga Goddijn

“There are a couple of factors in play,” she said. “First, the first six months of 2019 was something of an anomaly. Last year our team picked up a number of leaked databases at once, which really pushed up the number of breaches coming to light last year. Comparing 2020 to 2018, we see breach disclosures are down about 19%, which we believe is attributable to temporary disruptions in disclosures. As for the number of records exposed, there have been three very large breaches – misconfigured databases exposing extraordinary amounts of data – that is driving the increase.”

Other findings include:

  • The driving force behind the number of records exposed continues to be misconfigured data bases and services.

  • The two largest breaches ever reported came to light during the second quarter of 2020. They account for more than 18 billion of the 27 billion records put at risk.

  • The number of payment card details exposed in the first six months of 2020 surpassed 90 million records.

  • There were even more Social Security/national identity numbers, financial account numbers and dates of birth exposed during this time period.

  • Four economic sectors accounted for more than half of reported breaches. Those are information, health care, finance and insurance, and public administration.

  • The information sector accounted for 14.5% of reported breaches. Software providers, hosting and other online services accounting for 86.5% of the information sector breaches.

  • The health care sector nearly matched the information sector, accounting for 14.3% of the reported breaches.

Mistakes and Disruption

“Any major rupture to normal operations can be a field day for attackers as well as creating a lot more opportunities for mistakes to happen,” Goddijn said. “From our perspective, we see COVID-19 having an impact on the pace of information being surfaced about breaches. The jury is still out, but I think some of the decline we’re seeing this year is due to disruptions in the information supply chain.”

It’s surprising to see such a contrast between the first six months of 2020 the same period for 2019, she said.

“We knew the breach count for the first few months of 2019 was influenced by an unusually high number of data leaks our research team picked up. And looking at the trends over time, it’s fairly clear 2019 stands apart from other years,” Goddijn said. “So we expected some leveling off in the breach counts this year. But that said, it was surprising to see the number of disclosed breaches drop below 2018 numbers.”

“The report highlights that even in the middle of a pandemic, organizations still need to be very mindful about security issues,” said Jake Kouns, Risk Based Security’s CEO and co-founder. “With IT staff facing additional pressure and companies struggling with budget issues, this means that MSPs need to provide great security services with additional value for a reasonable cost.”

Read more about:

Agents

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like