Gemalto has released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 944 data breaches led to 3.2 billion data records being compromised worldwide in the first half of 2018. Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 72 per cent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident.
“Gemalto profusely regrets on its Breach Level Index Report 2018 and the subsequent press release issued in India on October 15, where it has by mistake taken into account an unverified news article about alleged Aadhaar data breach. Gemalto has updated its Breach Level Index Report 2018 and wants to make it clear that it was an error in the above said report which has been corrected and all concerned should take note of it that we have not been able to track any verified or substantiated data breach of Aadhaar database of UIDAI. As a result, Gemalto has withdrawn this alleged data from the Breach Level Index. Any inconvenience caused to UIDAI is deeply regretted,” the latest release from Gemalto stated.
A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 per cent of total records compromised. Of the 944 data breaches, 189 (20 per cent of all breaches) had an unknown or unaccounted number of compromised data records.
The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious versus those that are truly impactful.
“Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections. We also expect to see more data breaches reported by European Union countries bound by the new General Data Protection Regulation and in Australia with the new Notifiable Data Breaches law. We should be careful not to misconstrue this as an increase in overall incidents in these areas but rather as a more accurate reflection of what is actually going on,” said Jason Hart, Vice President and Chief Technology Officer – Data Protection, Gemalto.
Primary sources of data breaches
Malicious insiders caused the largest percentage of data breaches and accounted for almost 80 per cent above of all stolen, compromised or lost records in 2018 while malicious outsiders accounted for 20 per cent in India.
Leading types of data breaches
Identity theft continues to be the leading type of data breach, as it has been since Gemalto first started tracking in 2013. While the number of identity theft breaches decreased by 60 per cent over the second half of 2017, the number of records stolen through these incidents represent over 42 per cent of all records stolen.
Financial access incidents show a disturbing trend in the escalation of severity. Though overall incident numbers are on the decline H1 2017 vs H1 2018 (4 for H1 2017 and 3 for H1 2018), the number of records breached increased H1 2017 vs H1 2018 (1.5 million, 50 and 2.6 million) respectively.
Industries most affected by data breaches
Most sectors saw decrease in the number of incidents compared to first half of 2017 including education, financial services and government.
Geographic distribution of data breaches
North America still makes up the majority of all breaches and the number of compromised records, 59 and 97 per cent respectively. The United States is still by far and away the most popular target for attacks, representing more than 57 per cent of global breaches and accounting for 97 per cent of all records stolen, though overall incidents are down 17 per cent over the prior half. India accounts for less than one per cent of the global breaches in terms of records compromised or stolen or revealed.
With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308 as could be expected.
Europe saw 36 per cent fewer incidents, but a 28 per cent increase in the number of records breached indicating growing severity of attacks. The United Kingdom remains the most breached country in the region. With the General Data Protection Regulation in full effect for the second half of 2018, the number of reported incidents could begin to rise.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]