Over 3,800 data breaches reported in the first half of 2019
2019 is on track to be another 'worst on record' year for data breaches according to a new report from Risk Based Security which finds the number of reported breaches has gone up by 54 percent and the number of exposed records by 52 percent compared to the first six months of 2018.
It shows 3,813 breaches have been reported in the first six months of 2019, exposing more than 4.1 billion records. Eight breaches alone have exposed over 3.2 billion records, 78.6 percent of the total, between them.
The business sector accounts for 67 percent of reported breaches, which continues the trend observed in the company's Q1 report. From these breaches, further analysis shows that the business sector was then responsible for 84.6 percent of records exposed.
"Looking over the first six months of 2019, it is hard to be optimistic on the outlook for the year," says Inga Goddijn, executive vice president of Risk Based Security. "The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate."
Unauthorized access of systems or services is still the number one breach type with phishing being a common first step for gaining access to systems and services. Interestingly enough, phishing for credentials often leads to providing attackers with access to users' email accounts. While the data held in email may not be as easily monetized as some, it does lead to the exposure of unusual or unexpected types of data. Some of the less common data elements exposed this year include electronic signatures, calendars, marriage certificates, and company issued employee ID numbers.
Ms Goddijn concludes, "While the landscape does look bleak, we have seen bright spots this year. Some organizations are choosing to report incidents that might have gone unreported in the past. The most recent example of this came up just a few days ago, when Monzo Bank opted to report customers’ account PINs being inadvertently stored in internal logs that were accessible to their engineering teams. Once the issue was identified, the bank had it corrected and disclosed within 5 days. A breach is rarely good news but a fast response coupled with open communication speaks well of the organization. We hope to see more organizations following Monzo's lead as the year unfolds."
The full report is available from the Risk Based Security site.