Story image

Gemalto's Breach Level Index: "1.4 billion compromised data records"

03 Apr 17

Gemalto released the results of its Breach Level Index last week, proving once again that data breaches across the world continue to increase in scale and severity.

Overall, APAC accounted for 8% of all breach incidents. The survey found that the top three APAC countries with the most incidents included Australia with 44 breach incidents, India had 24 incidents; New Zealand had 16.

Cambodia, Samoa and Vietnam fared best, each with only one breach. According to Gemalto, the low rates aren’t necessarily good news, as many breaches may have been unreported due to a lack of cybersecurity disclosure laws.

Meanwhile, the United States had 1348 incidents, accounting for 80% of all data breaches.

According to the survey, the total 1792 breaches led to 1.4 billion compromised data records last year - an 86% increase compared to 2015.

Since 2013, more than 7 billion data records have been compromised - equal to 3 million every day or around 44 records every second, Gemalto states.

Identity theft was top of the breach list (59% of data breaches) a 5% increase since 2015. Account access breaches accounted for 54%. The ‘nuisance’ category accounted for 18% of breached records - a 102% increase.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets,” comments Jason Hart, Gemalto’s VP and CTO for Data Protection.

52% of data breaches on organisations last year didn’t mention how many records were compromised when the breach happened.

Gemalto believes that malicious outsiders accounted for 68% of breach attacks. Hacktivist breaches accounted for 3% of breaches, but increased by 31%.

“Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid,” Hart says.

While the healthcare industry was the biggest area for breaches (28%), the number of records exposed in those breaches has dropped 75% since 2015. Government experienced 15% of breaches but the number of compromised records jumped 27% from 2015. 

Financial services experienced 12% of breaches, followed by the tech sector (11%) and ‘other’ (13%).The ‘other’ category comprised mainly social media and entertainment industry breaches.

Gemalto states that 4.2% of breaches has involved encrypted data, compared to 4% in 2015. 

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities,” Hart continues.

This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

The most notable breaches included the AdultFriend Finder, Fling, the Philippines Commission on Elections, 17 Media and DailyMotion. The Breach Level Index did not include the major Yahoo data breaches since they occurred in 2013 and 2014.

WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.
The future of privacy: What comes after VPNs?
"75% of VPN users said they are seeking a better solution for cloud networks."
'Public cloud is not a panacea' - 91% of IT leaders want hybrid
Nutanix research suggests cloud interoperability and app mobility outrank cost and security for primary hybrid cloud benefits.