Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

6,500 Publicly Disclosed Data Breaches in 2018: Report

More than 5 billion records were exposed last year through 6,515 publicly disclosed data breaches, according to a new report from Risk Based Security. 

More than 5 billion records were exposed last year through 6,515 publicly disclosed data breaches, according to a new report from Risk Based Security. 

Both the number of reported breaches and that of the compromised records have decreased compared to the previous year (from 6,728 and 7.94 billion, respectively), but incidents continue to be disclosed and the number of reported events might end up being higher than in 2017, although the impacted records should remain under 6 billion.

“We’ve been monitoring breach events for more than a dozen years now and this is the first time we’ve observed a slow start to the year following by a growing number of disclosures as the months pass,” Inga Goddijn, Executive Vice President of Risk Based Security, said. 

“We suspect various factors including the allure of crypto mining had an impact on breach activity early in the year, but disclosures rebounded throughout the summer and into the last quarter,” Goddijn continued. 

According to Risk Based Security’s latest Data Breach QuickView Report (PDF), the Business sector was impacted the most last year, accounting for 66.2% of all the reported breaches and 65.8% of the exposed records. 

Other sectors with a large number of reported breaches include the Government (13.9%), Medical (13.4%) and Education (6.5%). In terms of exposed records, Unclassified (31.8%) and Government (2.2%) are among the most affected. 

12 of the data breaches disclosed last year accounted for 74% of all of the exposed records. Each of these breaches had exposed over 100 million records. The number of breaches exposing over 10 million records was of 41. 

The top breach type reported last year was hacking, at 4,508 events, followed by skimming at 453 and web incidents at 268. When it comes to the amount of records exposed by breach type, however, web takes the top position, with 1.99 billion (39.3%) of the records, followed by hacking at 1.42 billion (28.2%) and fraud at 1.19 billion (25.3%). 

Advertisement. Scroll to continue reading.

Accounting for 5,433 of the disclosed incidents, attacks originating outside of the organization were the most common threat vector, the report reveals. However, misconfigured services, data handling errors and other inadvertent exposure by authorized persons exposed more records than hackers managed to steal (2,094,654,452 versus 1,693,891,890). 

The security firm also looked into the impact that the General Data Protection Regulation (GDPR) might have had on how long it takes for organizations to make a breach report public. They discovered that organizations needed 49.6 days on average to report a breach, longer than in 2017 (48.6 days).

Related: 59,000 Breaches Disclosed in First Eight Months of GDPR

Related: Proposed Law Classifies Ransomware Infection as a Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.