Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

6,500 Publicly Disclosed Data Breaches in 2018: Report

More than 5 billion records were exposed last year through 6,515 publicly disclosed data breaches, according to a new report from Risk Based Security. 

More than 5 billion records were exposed last year through 6,515 publicly disclosed data breaches, according to a new report from Risk Based Security. 

Both the number of reported breaches and that of the compromised records have decreased compared to the previous year (from 6,728 and 7.94 billion, respectively), but incidents continue to be disclosed and the number of reported events might end up being higher than in 2017, although the impacted records should remain under 6 billion.

“We’ve been monitoring breach events for more than a dozen years now and this is the first time we’ve observed a slow start to the year following by a growing number of disclosures as the months pass,” Inga Goddijn, Executive Vice President of Risk Based Security, said. 

“We suspect various factors including the allure of crypto mining had an impact on breach activity early in the year, but disclosures rebounded throughout the summer and into the last quarter,” Goddijn continued. 

According to Risk Based Security’s latest Data Breach QuickView Report (PDF), the Business sector was impacted the most last year, accounting for 66.2% of all the reported breaches and 65.8% of the exposed records. 

Other sectors with a large number of reported breaches include the Government (13.9%), Medical (13.4%) and Education (6.5%). In terms of exposed records, Unclassified (31.8%) and Government (2.2%) are among the most affected. 

12 of the data breaches disclosed last year accounted for 74% of all of the exposed records. Each of these breaches had exposed over 100 million records. The number of breaches exposing over 10 million records was of 41. 

The top breach type reported last year was hacking, at 4,508 events, followed by skimming at 453 and web incidents at 268. When it comes to the amount of records exposed by breach type, however, web takes the top position, with 1.99 billion (39.3%) of the records, followed by hacking at 1.42 billion (28.2%) and fraud at 1.19 billion (25.3%). 

Accounting for 5,433 of the disclosed incidents, attacks originating outside of the organization were the most common threat vector, the report reveals. However, misconfigured services, data handling errors and other inadvertent exposure by authorized persons exposed more records than hackers managed to steal (2,094,654,452 versus 1,693,891,890). 

The security firm also looked into the impact that the General Data Protection Regulation (GDPR) might have had on how long it takes for organizations to make a breach report public. They discovered that organizations needed 49.6 days on average to report a breach, longer than in 2017 (48.6 days).

Related: 59,000 Breaches Disclosed in First Eight Months of GDPR

Related: Proposed Law Classifies Ransomware Infection as a Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.