More than 15.1 billion records were exposed in 2019 as part of the data breaches that were publicly reported, Risk Based Security reveals.
The number of exposed records registered a massive 284% spike compared to the previous year (which had 5.3 billion records exposed), and also marked a 91% increase compared to 2017 (7.95 billion records).
A total of 7.2 billion records were compromised between October 1 and December 31, 2019, with four events accounting for 93.5% of these records. All four involved open, misconfigured databases that were made publicly accessible.
The number of reported data breaches was of 7,098 last year, representing only a 1% increase compared to the 7,035 breaches reported in 2018.
However, the gap is expected to grow in the next two months, as more 2019 incidents are publicly disclosed, Risk Based Security’s 2019 Year End Data Breach QuickView Report reveals (PDF). Another 250-300 incidents are expected to be added to the list.
Sensitive data was accessible but not confirmed as stolen for 22.6% of the incidents. There were “three breaches that compromised 1 billion records or more exposed transaction logs,” but the number of impacted people is much lower than the 7.6 billion exposed records.
Of the 15.1 billion records exposed last year, 13.5 billion were compromised via the web, specifically inadvertent exposure of data online, the report reveals. Hacking exposed 1.5 billion records, while the other types of incidents combined exposed 120 million records.
Hacking, however, accounted for 5,184 of the reported data breaches, while there were only 343 web incidents reported.
“There are plenty of malicious actors ready to take advantage of any and every shortcoming or oversight. Hacking, defined as unauthorized intrusion into systems, has been the top breach type by number of incidents for every year of the past decade except for 2010,” Risk Based Security notes.
The information sector emerged as the leader in the number of data breaches, with 614 incidents, with the healthcare sector following on the second position, at 512, and finance and insurance landing on the third, with 435 incidents.
Most of the data breaches in the information sector (88%) can be attributed to software publishers, data processing and hosting services, and Internet publishing companies.
By November, more than 38 million healthcare records had been exposed in the United States, impacting 11.64% of the population, data from the U.S. Department of Health and Human Services Office for Civil Rights breach portal revealed. However, only breaches impacting more than 500 individuals are added to the portal.
A total of 368 third-party breaches were reported in 2019, exposing over 4.7 billion records, with an average number of exposed records of roughly 13 million per breach.
Related: Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement
Related: Capital One Discloses Massive Data Breach: 106 Million Impacted

More from Ionut Arghire
- F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
- Boxx Insurance Raises $14.4 Million in Series B Funding
- Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data
- 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
- Guardz Emerges From Stealth Mode With $10 Million in Funding
Latest News
- F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
- Cyber Insights 2023 | Ransomware
