Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Over 700 Million Data Records Compromised in 2015: Report

Last year, 1,673 data breaches resulted in roughly 707 million data records being compromised worldwide, according to statistics from Gemalto’s Breach Level Index report.

Last year, 1,673 data breaches resulted in roughly 707 million data records being compromised worldwide, according to statistics from Gemalto’s Breach Level Index report.

Designed as a global database that tracks data breaches globally and measures their severity, the Breach Level Index (BLI) delivers a comparative list of breaches and can distinguish nuisances from truly impactful mega breaches. It measures severity based on the number of compromised records, type of data, source of breach, and whether or not data was encrypted.

Some of the most notable data breaches of 2015 include the Anthem breach, which resulted in the theft of 78.8 million records, followed by the incident involving Turkey’s General Directorate of Population and Citizenship Affairs incident, which exposed 50 million records. They scored 10 and 9.9 on Gemalto’s risk assessment scale, respectively.

The South Korea Pharmaceutical Information Center breach with 43 million records, U.S. Office of Personnel Management (OPM) incident with 22 million records, and the Experian breach, with 15 million records, round up the top five incidents for last year.

The BLI report (PDF) started benchmarking publicly disclosed data breaches in 2013 and has seen over 3.6 billion data records since. Data collected by Gemalto showed a 3.4 percent drop in the number of data breaches compared to 2014. Additionally, the total number of compromised records dropped by 39 percent, Gemalto said.

Outside attackers represented the leading source of breaches, accounting for 964 of them, or 58 percent of the total, as well as for 38 percent of the compromised records. Accidental loss or exposure of data records accounted for 36 percent of all exposed records last year, while malicious insiders accounted for only 14 percent of incidents and 7 percent of compromised records, with 238 attacks.

Identity theft was the primary type of breach last year accounting for 53 percent of incidents and 40 percent of all compromised records. Attacks believed to be state-sponsored accounted for 2 percent of data breaches, but only 15 percent of all records exposed last year were compromised as a result of those attacks, Gemalto says.

According to the company, North America saw the largest number of data breach incidents, namely 77 percent, while 59 percent of all compromised records happened in the United States. For comparison, Europe accounted for 12 percent of breach incidents in 2015, while the Asia Pacific region for only 8 percent of them.

Gemalto also reveals that the government sector was the victim of 16 percent of all breaches and accounted for 43 percent of compromised data records, a massive 476 percent increase compared to the previous year, mainly due to several very large data breaches in the United States and Turkey. The healthcare sector accounted for 23 percent of incidents and 19 percent of compromised records.

The BLI data also shows that the retail sector registered a 93 percent drop in the number of stolen data records compared to 2014, accounting for only 6 percent of stolen records in 2015, and for 10 percent of total number of breaches in 2015. With a 99 percent drop, financial services accounted for 0.1 percent of compromised data records and 15 percent of the total number of breaches.

“In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks. However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen,” Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto, said.

Related: Was 2015 the Year of Breach Fatigue? 

Related: How Attackers Likely Bypassed Linode’s Two-Factor Authentication to Hack PagerDuty 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.