Hackers Stole 2 Million Customer Records Per Day in Q2 2014


The second quarter of 2014 saw 237 data breaches that exposed more than 175 million customer records worldwide, according to the SafeNet Breach Level Index.

That's almost 2 million customer records stolen or lost per day.

The retail industry was hit hardest, with more than 145 million customer records stolen or lost, 83 percent of the total for the quarter. And while healthcare was hit by 23 percent of all data breaches for the quarter, the breaches themselves were small, accounting for less than 1 percent of all records exposed.

These data breaches can have a real impact on companies' reputations. A separate survey by SafeNet of 4,500 adults in the U.S., the U.K., Germany, Japan and Australia found that 65 percent of respondents would never, or are very unlikely to, do business again with a company that had experienced a data breach where financial data was stolen. Similarly, 57 percent respondents said they would never, or were very unlikely to, do business again with a company that had experienced a data breach that exposed personally identifiable information (PII).

The survey also found that only half of respondents feel that companies are taking the protection and security of customer data seriously enough.

"Data breaches are not just breaches of security," SafeNet chief strategy officer Tsion Gonen said in a statement. "They're also breaches of trust between companies and their customers, and can result in not only negative publicity but lost business, lawsuits and fines that can threaten the viability of the business."

SafeNet's Breach Level Index also found that malicious outsiders were responsible for compromising fully 99 percent of the records stolen in the first quarter of 2014.

Those types of breaches continue to happen on a regular basis.

Backcountry Gear recently began notifying all customers who placed orders between April 27 and July 17, 2014 that their financial information may have been exposed by malware that was been installed on a company server on April 27, 2014. The data potentially exposed includes customer names, mailing addresses, purchase information and credit or debit card numbers.

"Our site is now secure and measures have been implemented to prevent similar attempts in the future," company owner Michael Monson wrote in the notification letter [PDF].

The Dreslyn recently notified an undisclosed number of customers that credit card data was illegally accessed during payment processing between April 23 and July 15, 2014, potentially exposing customers' user names, passwords, names, addresses, credit or debit card numbers, expiration dates and CVV codes.

"We are working with law enforcement and forensic investigators to conduct a thorough review of the potentially affected records and systems," The Dreslyn president and CEO Brooke Taylor Corcia wrote in the notification letter [PDF]. "We have reset the account passwords of those affected and implemented additional security measures designed to prevent a recurrence of such an attack."

And Vibram recently began notifying all customers who made a purchase from its website between June 6 and July 7, 2014 that the site was hit by a targeted attack that may have exposed those customers' credit card numbers.

"As soon as we were made aware of the situation, we removed the malicious code installed by the hackers and implemented additional security measures to help prevent any recurrence of the activity," Vibram president and CEO Mike Gionfriddo wrote in the notification letter [PDF]. "Second, we will be relocating our website to a new service provider and secure platform that has increased security measures."

In response to these kinds of breaches, Lancope director of security research Tom Cross recently spoke with eSecurity Planet about the benefits of applying military strategy to cyber defense. "I'm not suggesting that corporations should behave like the military, but corporate security professionals can learn a lot from understanding how the military thinks about what they do," he said.