375 million customer records compromised so far in 2014

Information security company SafeNet has released the highlights from its SafeNet Breach Level Index (BLI) for the second quarter of 2014.

Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide.

For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide.

The retail industry had more data records compromised than any other industry during the second quarter, with more than 145 million records stolen or lost, or 83% of all data records breached.

Less than 1% of all 237 breaches during the second quarter were secure breaches where strong encryption or authentication solutions protected the data from being used.

SafeNet also announced the results of a global survey of more than 4500 adult consumers in which nearly 40% of respondents said they would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach.

This sentiment increased to 65% if the data breach involved customers’ financial and sensitive information.

Highlights of the report

In each of the last four consecutive quarters, there has been one major data breach in which more than 100 million records were exposed.

175,655,228 records were stolen in the second quarter. This equates to 1,951,724 records stolen per day; 81,321 stolen per hour; and 1355 records stolen every second.

Malicious outsiders are targeting businesses’ most critical records. They are responsible for compromising 99% of the records and 56% of the incidents this quarter - more than any other source.

Healthcare incurred 23% of incidents, more than any other industry, but only accounted for 782,732 records lost or less than 1% of all records stolen during the quarter.

Identity theft was the leading cause of breaches with 58% of all incidents and 88% of records stolen.

Encryption was used in only 10 of the 237 reported data breach incidents. Of those, only two could be classified as secure breaches in which encryption restricted the access of stolen data.

The US accounted for 85% of records compromised worldwide and 74% of all reported incidents, more than any other country. Germany followed with 10% of all records stolen.

Three of the top five breaches were based in the US, with the other two breaches occurring in Europe.

Government was the second least secure sector after retail, accounting for 11% of all records that were lost or stolen. The US Department of Veterans Affairs incurred the most breaches, having been hacked during each quarter of 2014.

Financial services breaches decreased significantly from the first quarter, down from 56% to less than 1% of records stolen in the second quarter.

“Even amidst continued warnings about data security, the breach epidemic is trending in the wrong direction. 2014 has proven to be more of the same, with 375 million customer records stolen in the first six months alone,” said Tsion Gonen, chief strategy officer, SafeNet.

“While it’s not surprising that sophisticated cybercriminals are gaining access to critical data stores, what is surprising is that only 1% of breached records had been encrypted.

“The benefits of encryption have been known for some time, but companies just aren’t doing it,” Gonen added. “It’s the security industry’s equivalent of flossing your teeth. Everyone knows it’s good for you and the technology is proven, but only a small percentage of companies do it well.”

Image courtesy r2hox under CC