About 1.4 billion data records were lost or stolen in 2016, an increase of 86% compared to 2015, according to a comprehensive analysis of global security breaches conducted by Gemalto through data collected in its Breach Level Index (BLI).
While a significant number of distributed denial of service (DDoS) attacks were reported during the year on the corporate security front, ransomware attacks also moved from obscurity into the mainstream. A number of companies, including healthcare providers, utilities and others, were willing to pay ransoms to avoid losing data or having systems shut down, showing that this type of attack is having an impact on businesses.
“Perhaps more concerning for individual users, many of the attacks in 2016 got personal. The year saw a number of incidents aimed at stealing personal data on websites that many users might be embarrassed to admit using, such as adult content sites. In fact, there was a major increase in breaches of these sites, involving ransom requests and threats of leaking private information about their users,” notes the report.
“By getting hold of this personal data, cyber criminals can extort victims into paying fees in order to avoid having their very private information made public. These kinds of attacks are making data breaches much more personal than other security incidents, which typically involve ransom against companies or the theft of financial data that does not expose users to public scrutiny.”
Another big trend in 2016 was hackers going after large technology or social and entertainment sites to acquire account access. After gaining this access, the attackers could easily use it as an entry point. Also notable about 2016 was the scale of records lost, stolen or compromised during data breaches, which was much larger than in previous years.
The key implication of this, according to BLI, is that hackers are casting a wider net whenever they launch an attack against a given target. BLI adds that, because in some cases the number of records involved in a breach is not disclosed, the actual number of records lost and stolen in data breaches might be a lot higher.
In other instances, as in the Yahoo! breach, it can take years for companies to identify or disclose a breach. However, the numbers that are available on breaches and records stolen in 2016 once again show that cyber security efforts are not preventing these attacks from being successful.
Hackers and other attackers launched 1,792 data breaches worldwide in 2016, according to Gemalto’s BLI. The number of breaches was actually down 4% from 1,866 the year before, but still significant and damaging when one considers that almost 1.4 billion data records were lost or stolen in 2016 compared with 740 million in 2015, representing an increase of 86%.
“And consider that 936 out of the 1,792 breaches had an unknown amount of data records involved, because the information was not publicly available in the breach disclosure. This is noteworthy as it represents the difficulty of knowing exactly how many people’s records have been affected. Breach disclosure laws only require certain things such as informing people if they have been affected,” states the report.
According to the BLI, malicious outsiders such as hackers and cyber criminals were by far the leading source of data breaches in 2016, with identity theft, once again, being the most common type of breach. Of the industry sectors, healthcare was easily the hardest hit by breaches, while in terms of geography, the US and North America had by far the largest numbers of disclosed breaches during the year.
To create the Breach Level Index, Gemalto, a global provider of digital security solutions, gathers extensive information about data breaches worldwide, from internet searches, news articles and analyses and other resources. The data gathered is then aggregated into the Index, a database that Gemalto continually maintains. The data is analyzed in terms of the number of breaches that occur; the number of data records lost; and data breaches by industry, type of breach, source and by country or region.