Data breach activity declines sharply in 2018

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

The study from Risk Based Security also shows a shift in tactics. The spike in the value of cryptocurrencies that took place in January fueled a rapid expansion into the theft of computing resources.

"We knew we were seeing less activity than prior quarters but we were still surprised by the final tally," says Inga Goddijn, executive vice president at Risk Based Security. "We were geared up for a wave of activity targeting tax filing data that never fully materialized as expected." In Q1 of 2017 there were over 200 instances of phishing for employee W2 tax form data. At the end of April 2018, that activity had shrunk to just over 30 such reported events.

The top five breach types that dominated recent reports -- hacking, skimming, inadvertent disclosure on the internet, phishing and malware -- remain the same in 2018. Likewise, the vast majority of breaches are still originating from outside the organization, most events being discovered by external parties, the data types targeted and average number of records compromised show little variation from 2017 either.

Ms Goddijn adds, "Other than the dip in the number of data breaches reported, Q1 2018 was very much in lock step with recent quarters. If there was a truly seismic shift in breach activity we would expect other metrics to show some signs of change as well. Given this, we think the jury is still out on whether the dip is a one-time blip or part of a larger trend."

The full report is available to download from the Risk Based Security site.

Photo Credit: elwynn/Shutterstock