Breaches Expose 2.6 Billion Records in First Half of 2018
A Risk Based Security report finds the number of exposed records falls from the six billion reported during the first half of 2017.
More than 2,300 data breaches exposed 2.6 billion records during the first six months of this year, according to a new report from cyberthreat intelligence firm Risk Based Security.
The Richmond, Va.-based company said the number of reported breaches in the first half of 2018 was down from 2,439 incidents and six billion exposed records in the same period of 2017. It also noted that data breaches dropped during the first quarter of 2018 and breach activity was returning to what it called “a more normal pace.”
“After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. [The year] 2018 is remarkable in that the number of publicly disclosed breaches appears to be leveling off while the number of records exposed remains stubbornly high,” Risk Based Security EVP Inga Goddijn said. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the six billion exposed at this time last year.”
Hacking was the cause of over half the breach incidents, according to the data. A popular method was phishing for usernames and passwords in order to steal credentials and access systems.
Almost half of breaches (45.4%) exposed email addresses, 41.4% exposed passwords and 34.5% exposed names. Social Security numbers, credit card numbers, birthdates and phone numbers were exposed in fewer than 20% of data breaches.
“While we expect hacking to remain the leading cause of data loss, we can’t lose sight of the damage that can come from accidental exposure,” Goddijn added. “Misconfigured services, exposed S3 buckets and even improper email handling have led to more than their fair share of recent breaches. This type of data loss is easily prevented and protecting against it is nearly entirely within the organization’s control. It shouldn’t be overlooked in the quest to prevent external attacks.”
Over 1,000 of the report’s 2,308 data breaches occurred in the United States.
Organizations disclosed data breaches faster in the first half of 2018, Risk Based Security also reported. In the first quarter of 2014, for example, an average 75.5 days elapsed between breach discovery and reporting. That fell to an average of 37.9 days in the first quarter of 2018.
The number of reported data breaches spiked in the European Union after the advent of the General Data Protection Regulation in late May 2018, the report also noted.
“How many will become public – or have already been disclosed and are only now making their way to regulators’ attention – remains to be seen,” it said.