Connect with us

Hi, what are you looking for?



1.4 Billion Records Compromised in 2016: Report

Nearly 1.4 billion records were compromised in 2016 as a result of roughly 1,800 data breaches, according to Gemalto’s latest Breach Level Index report.

Nearly 1.4 billion records were compromised in 2016 as a result of roughly 1,800 data breaches, according to Gemalto’s latest Breach Level Index report.

The company said the number of compromised records increased by 86 percent compared to the previous year. The report also shows that more than 1,000 incidents, or 59 percent of the total, involved theft of identity information, while nearly 30 percent involved financial and account data.

Data collected by Gemalto shows that 68 percent of data breaches were the work of malicious external hackers, while 19 percent of incidents were classified as accidental leaks. Malicious insiders accounted for 9 percent of breaches.

The most serious breaches mentioned in the report affected FriendFinder Networks (412 million records), the Philippines Commission on Elections (77 million records), DailyMotion (85 million records), Fling (40 million records), the Indian state of Kerala (34 million records), and Evony (33 million records).

The Yahoo breaches disclosed last year, which involved hundreds of millions of user records, were not taken into account due to the fact that the incidents occurred in 2013 and 2014. Based on the same logic, the Fling breach should have been excluded as well as it appears to have occurred in 2011.

Furthermore, the report also lists the “17” streaming app with 30 million records, but an analysis of the hackers’ claims showed that the actual number of compromised records was roughly 4 million.

According to Gemalto, the healthcare industry was hit the hardest in terms of the number of incidents, and accounted for more than a quarter of breaches. Other affected sectors are government (15%), retail (12%), financial services (12%), and technology (11%).

When it comes to the number of compromised records, the government and tech sectors take the lead with roughly 391 million records each.

Advertisement. Scroll to continue reading.

As for the geographical distribution of affected organizations, 80 percent of the breaches catalogued by Gemalto affected the United States.

Gemalto breach level index

The company said more than 7 billion records were lost or stolen since 2013, which means that, on average, more than 4.5 million records are compromised every day. Of all the incidents known to Gemalto, only 4 percent involved efficient encryption that made the exposed data useless.

Risk Based Security reported in January that the total number of records exposed in 2016 was 4.2 billion, but the company also included the Yahoo, MySpace and other incidents that took place in previous years.

Related: Los Angeles County Notifies 756,000 of Data Breach

Related: Forged Cookie Attack Affected 32 Million Yahoo Users

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...