Record hacking on the rise, Breach Level Index shows

There was an 86% increase in the breach of data records from 2015–2016, according to the findings of the Breach Level Index.

The index, which has been released by Gemalto, revealed that 1792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016.

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used and whether or not the data was encrypted.

By assigning a severity score to each breach, the index provides a comparative list of breaches, distinguishing data breaches that are a not serious from those that are truly impactful. More than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches, which translates to 3 million records compromised every day or roughly 44 records every second.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily attainable account and identity information as a starting point for high value targets,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid.”

In 2016 identity theft was the leading type of data breach, accounting for 59% of all data breaches — up by 5% from 2015. The second most prevalent type of breach in 2016 was account access-based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category, with an increase of 101% accounting for 18% of all breached records — up 1474% since 2015.

Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches — up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.

Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.

The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in health care decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media- and entertainment industry-related data breaches made up the majority.

In 2016, 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations,” said Hart.

“Encryption and authentication are no longer ‘best practices’ but necessities.”

Image credit: ©stock.adobe.com/au/Nmedia

Follow us on Twitter and Facebook