More than 5 billion records were exposed last year through 6,515 publicly disclosed data breaches, according to a new report from Risk Based Security.
Both the number of reported breaches and the number of compromised records decreased compared to the previous year (from 6,728 and 7.94 billion, respectively). However, incidents continue to be disclosed, and the number of reported events might end up being higher than in 2017, although the impacted records should remain under 6 billion.
“We’ve been monitoring breach events for more than a dozen years now and this is the first time we’ve observed a slow start to the year followed by a growing number of disclosures as the months pass,” Inga Goddijn, Executive Vice President of Risk Based Security, said.
“We suspect various factors including the allure of crypto mining had an impact on breach activity early in the year, but disclosures rebounded throughout the summer and into the last quarter,” Goddijn continued.
According to Risk Based Security’s latest Data Breach QuickView Report (PDF), the Business sector was impacted the most last year, accounting for 66.2% of all the reported breaches and 65.8% of the exposed records.
Other sectors with a large number of reported breaches include Government (13.9%), Medical (13.4%) and Education (6.5%). In terms of exposed records, Unclassified (31.8%) and Government (2.2%) are among the most affected.
Twelve of the data breaches disclosed last year accounted for 74% of all of the exposed records. Each of these breaches exposed over 100 million records. A total of 41 breaches exposed over 10 million records.
The top breach type reported last year was hacking, at 4,508 events, followed by skimming at 453 and web incidents at 268. When it comes to the number of records exposed by breach type, however, web takes the top position, with 1.99 billion (39.3%) of the records, followed by hacking at 1.42 billion (28.2%) and fraud at 1.19 billion (25.3%).
Accounting for 5,433 of the disclosed incidents, attacks originating outside of the organization were the most common threat vector, the report reveals. However, misconfigured services, data handling errors and other inadvertent exposure by authorized persons exposed more records than hackers managed to steal (2,094,654,452 versus 1,693,891,890).
The security firm also looked into the impact that the General Data Protection Regulation (GDPR) might have had on how long it takes for organizations to make a breach report public. They discovered that organizations needed 49.6 days on average to report a breach, longer than in 2017 (48.6 days).