Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.

Apple data breach study

A study commissioned by Apple shows that an estimated 2.6 billion personal records were compromised as a result of data breaches in the past two years, which, according to the tech giant, highlights the need for end-to-end encryption. 

The study, titled ‘The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase’, was conducted by MIT professor Dr. Stuart Madnick. It provides a summary of the major data breaches that came to light in the past year and highlights some trends.

It’s worth noting that there is no original data in the report and the number of compromised personal records was obtained through a combination of data from Verizon for 2021 and an estimation for 2022 — 1.1 billion records in 2021 and 1.5 billion in 2022. 

The study looks at ransomware attacks resulting in significant data breaches, companies that were repeatedly targeted by hackers, incidents resulting from cloud misconfigurations, attacks aimed at government organizations and their contractors, and breaches affecting entities that store particularly sensitive personal information.

The report also provides information on regional data breaches, and massive incidents resulting from third-party vendor exploitation.

It also highlights the end-to-end encryption initiatives of various companies over the past decade, including Apple, Google, Meta, Proton, Signal and Skiff. 

Apple — similar to other tech giants — has long opposed government requests to implement encryption backdoors that would make it easier for authorities to investigate potential criminal activities. 

In fact, the company has been increasingly implementing end-to-end encryption, and is using the new study to promote its Advanced Data Protection for iCloud, which aims to improve cloud data security. 

Advertisement. Scroll to continue reading.

The company claims that, when the feature is activated, 23 sensitive data categories are protected using end-to-end encryption, including backups, notes, and photos. This provides protection including against attacks where the cloud environment itself has been compromised. 

Related: Apple Improves iMessage Security With Contact Key Verification

Related: Apple Denies Helping US Government Hack Russian iPhones

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...