1 Billion Data Records Compromised in 2014

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to the latest findings of Gemalto's Breach Level Index (BLI), more than 1,500 data breaches worldwide led to one billion data records compromised in 2014.

Compared to 2013, that's a 49 percent increase in data breaches, and a 78 percent increase in data records lost or stolen. The number of data breaches involving more than 100 million compromised data records also doubled compared to 2013.

Cybercriminals' main motivation in 2014 was identity theft, according the BLI -- 54 percent of all data breaches in 2014 were identity theft-based, more than any other breach category, including access to financial data. Identity theft breaches also accounted for one third of the most severe data breaches categorized by the BLI.

"We're clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," Tsion Gonen, vice president of strategy for identity and data protection at Gemalto, said in a statement.

"Identity theft could lead to the opening of new fraudulent credit accounts creating false identities for criminal enterprises, or a host of other serious crimes," Gonen added. "As data breaches becomes more personal, we're starting to see that the universe of risk exposure for the average person is expanding."

There's one piece of good news: secure breaches, in which compromised data was encrypted in full or in part, grew from 1 percent to 4 percent of all breaches in 2014.

Due to an increase in attacks targeting point-of-sale systems, 55 percent of all data records compromised were in the retail sector, compared to 29 percent in 2013. In the financial services sector, the average number of records lost per breach surged from 112,000 in 2013 to 1.1 million in 2014.

"Not only are data breach numbers rising, but the breaches are becoming more severe," Gonen said. "Being breached is is not a question of 'if' but 'when.' Breach prevention and threat monitoring can only go so far and do not always keep the cyber criminals out."

"Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves."

Among the largest breaches listed in the BLI database are the September 2014 breach of Home Depot, the August 2014 breach of JPMorgan Chase, the August 2014 CyberVor breach, and the May 2014 breach of eBay.

Recent eSecurity Planet articles have offered tips on dealing with data breaches, and examined the challenges involved in determining the cost of a data breach.