Last year, 1,673 data breaches resulted in roughly 707 million data records being compromised worldwide, according to statistics from Gemalto’s Breach Level Index report.
Designed as a global database that tracks data breaches globally and measures their severity, the Breach Level Index (BLI) delivers a comparative list of breaches and can distinguish nuisances from truly impactful mega breaches. It measures severity based on the number of compromised records, type of data, source of breach, and whether or not data was encrypted.
Some of the most notable data breaches of 2015 include the Anthem breach, which resulted in the theft of 78.8 million records, followed by the incident involving Turkey’s General Directorate of Population and Citizenship Affairs incident, which exposed 50 million records. They scored 10 and 9.9 on Gemalto’s risk assessment scale, respectively.
The South Korea Pharmaceutical Information Center breach with 43 million records, U.S. Office of Personnel Management (OPM) incident with 22 million records, and the Experian breach, with 15 million records, round up the top five incidents for last year.
The BLI report (PDF) started benchmarking publicly disclosed data breaches in 2013 and has seen over 3.6 billion data records since. Data collected by Gemalto showed a 3.4 percent drop in the number of data breaches compared to 2014. Additionally, the total number of compromised records dropped by 39 percent, Gemalto said.
Outside attackers represented the leading source of breaches, accounting for 964 of them, or 58 percent of the total, as well as for 38 percent of the compromised records. Accidental loss or exposure of data records accounted for 36 percent of all exposed records last year, while malicious insiders accounted for only 14 percent of incidents and 7 percent of compromised records, with 238 attacks.
Identity theft was the primary type of breach last year accounting for 53 percent of incidents and 40 percent of all compromised records. Attacks believed to be state-sponsored accounted for 2 percent of data breaches, but only 15 percent of all records exposed last year were compromised as a result of those attacks, Gemalto says.
According to the company, North America saw the largest number of data breach incidents, namely 77 percent, while 59 percent of all compromised records happened in the United States. For comparison, Europe accounted for 12 percent of breach incidents in 2015, while the Asia Pacific region for only 8 percent of them.
Gemalto also reveals that the government sector was the victim of 16 percent of all breaches and accounted for 43 percent of compromised data records, a massive 476 percent increase compared to the previous year, mainly due to several very large data breaches in the United States and Turkey. The healthcare sector accounted for 23 percent of incidents and 19 percent of compromised records.
The BLI data also shows that the retail sector registered a 93 percent drop in the number of stolen data records compared to 2014, accounting for only 6 percent of stolen records in 2015, and for 10 percent of total number of breaches in 2015. With a 99 percent drop, financial services accounted for 0.1 percent of compromised data records and 15 percent of the total number of breaches.
“In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks. However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen,” Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto, said.
Related: Was 2015 the Year of Breach Fatigue?
Related: How Attackers Likely Bypassed Linode’s Two-Factor Authentication to Hack PagerDuty