1.4 Billion Data Records Exposed in 2016

Gemalto yesterday released the findings of its Breach Level Index for 2016, which states that 1,792 data breaches worldwide led to the compromise of almost 1.4 billion data records last year, an increase of 86 percent over the previous year.

Identity theft was the leading type of data breach in 2016, accounting for 59 percent of all data breaches.

The second most common type of breach was account access based breaches, accounting for 54 percent of all breached records, a surge of 336 percent over 2015.

In the time since the Breach Level Index was launched in 2013, more than 7 billion data records have been exposed — more than 3 million per day.

“The Breach Level Index highights four major cybercriminal trends over the past year,” Gemalto vice president and CTO for data protection Jason Hart said in a statement. “Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets.”

“Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large databases such as entertainment and social media sites,” Hart added. “Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid.”

Malicious outsiders were responsible for 68 percent of breaches, up from just 13 percent in 2015.

For 52 percent of data breaches, the number of compromised records was not disclosed at the time the breach was reported.

The healthcare industry suffered 28 percent of all data breaches in 2016, an increase of 11 percent over 2015. Still, the number of compromised data records in healthcare decreased by 75 percent from the previous year.

Just 6 percent of the data records compromised, lost or stolen in 2016 were encrypted partially or in full, up from 2 percent in 2015.

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organizations,” Hart said. “Encryption and authentication are no longer ‘best practices’ but necessities.”

Last week, New York Attorney General Eric Schneiderman announced that his office received almost 1,300 data breach notices in 2016, an increase of 60 percent over the previous year.

Hacking accounted for more than 40 percent of data breaches affecting New Yorkers in 2016, though employee negligence accounted for almost as many breaches at 37 percent.

Eighty-one percent of breaches exposed Social Security numbers.

“In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” Schneiderman said in a statement.

“It’s on all of us to guard against those who try to use our personal information for harm — as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars,” Schneiderman added.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles