{"id":29,"date":"2023-04-10T06:59:50","date_gmt":"2023-04-10T06:59:50","guid":{"rendered":"https:\/\/dataprot.net\/?p=29"},"modified":"2023-05-05T11:56:04","modified_gmt":"2023-05-05T11:56:04","slug":"data-breach-statistics","status":"publish","type":"post","link":"https:\/\/dataprot.net\/statistics\/data-breach-statistics\/","title":{"rendered":"Data Breach Statistics That Will Make You Think Twice Before Filling Out an Online Form"},"content":{"rendered":"\n
Data breaches are flooding the news. From large hotels and banks to universities and voters\u2019 lists<\/a>, it seems none of our personal information is as safe as we\u2019d hope. So, how do breaches happen? What kind of information is compromised? Whose fault is it? And what are the ramifications of such events? <\/p>\n\n\n\n If, after reading bombastic data spill headlines, you\u2019re left with a host of questions, we have answers for you. We\u2019ve compiled a list of the latest stats and facts about this omnipresent digital danger.<\/p>\n\n\n\n (Dark Reading)<\/p>\n\n\n\n If you feel like you hear about yet another data leak in the news every day, you\u2019re not wrong. As the amount of data we collect and process with our devices grows exponentially, so does the number of security breaches and cyber attacks. In fact, there are so many occurring that the news can only cover a fraction of them. According to data breach statistics for 2019, the first half of the year has brought 21 new breaches every day. <\/p>\n\n\n\n (Risk Based Security)<\/p>\n\n\n\n Putting the previous stat into perspective, by June 30 a total of 3,813 data breaches had been reported. Collectively, these breaches exposed a whopping number of records – more than 4.1 billion in total. When we compare this to 2018 data breaches, the situation is getting worse. The 2018 midyear report showed 2,308 breaches that compromised 2.6 billion records.<\/p>\n\n\n\n (Gemalto)<\/p>\n\n\n\n Some of these data records are lost as a consequence of human error inside a company. Others are compromised due to the growing number of cyber attacks per day. The size of the organization doesn\u2019t seem to play a role – both small and large businesses, as well as governmental bodies, lose or get their data stolen. Even though these incidents are becoming commonplace, there are many things you can do to protect your information.<\/p>\n\n\n\n (Risk Based Security) <\/p>\n\n\n\n While data compromise is becoming more and more frequent, not all incidents are massive. According to Risk Based Security\u2019s 2019 midyear data breach report, only eight big data breaches accounted for 78.6% of all the records exposed from the start of the year through June 30. This shows that cybersecurity threats are more pressing for large corporations that handle huge swathes of data.<\/p>\n\n\n\n (IBM) <\/p>\n\n\n\n IBM\u2019s annual Cost of Data Breach Study, which included 500 companies in 13 countries, indicates that the average time to discover a breach has increased by nine days since 2018. Such data breach trends can be attributed to the growing number of IoT devices, widespread use of mobile platforms, increased migration to the cloud, and compliance failures. <\/p>\n\n\n\n (Risk Based Security)<\/p>\n\n\n\n When we look at the data breaches list compiled by Risk Based Security, a global provider of vulnerability intelligence, and analyze the type of data that was breached, we can see that this is typically information users can easily change. During 70% of these leaks, victims\u2019 email addresses were revealed. Passwords<\/a> were the next most-commonly compromised types of data; in 64% of breaches, victims\u2019 passwords got leaked. Luckily, data you cannot modify – like your Social Security number and date of birth – was revealed in only 11% and 8% of incidents respectively.<\/p>\n\n\n\n (Risk Based Security)<\/p>\n\n\n\n No matter how diligently one party might work on keeping data safe within its organization, there\u2019s still always a data breach risk. As the latest data breaches statistics show, 3.6% of recent incidents in organizations worldwide involved information that belonged to their associates. <\/p>\n\n\n\n (IBM)<\/p>\n\n\n\n The most recent IBM study reveals that the costs of violated data security are ever-growing. A company that falls victim to a cyberattack, or one that leaks confidential information due to its employees\u2019 human error, stands to lose $3.92 million on average. Last year, the average cost was $60,000 lower, at $3.86 million.<\/p>\n\n\n\n (IBM) <\/p>\n\n\n\n The same source shows that the cost per record in a data breach is around $150, since 25,575 records get affected on average during a breach. These costs are usually distributed over the course of three years. The majority of costs (67%) are born in the first year, while the rest are paid in the second (22%) and third year (11%) following a breach.<\/p>\n\n\n\n (Verizon)<\/p>\n\n\n\n Small business owners have so much on their plate that they often overlook cybersecurity. Unlike large corporations that have extensive resources and knowledge, small companies are not so vigilant about the safety of their data. Nonetheless, they collect sensitive information that has value on the black market. Hackers are well aware of this fact, according to the most recent data breach statistics. Knowing that SMEs have limited defenses against a security breach, cybercriminals target these companies almost half of the time. <\/p>\n\n\n\n (Gemalto)<\/p>\n\n\n\n According to the Gemalto breach level index, a tremendous number of records have been snatched in cyber security attacks over the years. The recent history of data breaches tells the tale of nearly 15 billion records compromised in the past six years. This information is used by cybercriminals for a number of illegal activities, like fraudulent tax applications, unauthorized money transfers, and loan applications.<\/p>\n\n\n\n (Varonis)<\/p>\n\n\n\n If these scary facts have you worried about the type and quantity of information you have shared with numerous companies and organizations, you should know there is a silver lining. More than half of the information stored by the typical company is stale. People change their phone numbers, addresses, emails, and even bank account numbers fairly regularly. So, even if a hacker gets his hands on your data, the chances are it\u2019s not that useful. <\/p>\n\n\n\n (Norton)<\/p>\n\n\n\n This was the year when large-scale cybersecurity incidents first started making headlines. It was DSW Shoe Warehouse that unintentionally revealed 1.4 million credit card numbers and the names associated with those accounts. Other then-unprecedented data breach examples include the first breach to affect a college and the first big credit card information breach. The former arose at George Mason University, where the names, pictures, and Social Security numbers of 32,000 students and employees were leaked. The latter targeted the payment card processor CardSystems Solutions. On that occasion, hackers exposed approximately 40 million credit card accounts, almost running the company out of business. <\/p>\n\n\n\n (Digital Guardian)<\/p>\n\n\n\n Thankfully, government data breaches are less common than corporate breaches. However, when they do occur, they tend to reveal sensitive data about US citizens. This was the case in one of the biggest state government breaches to date, which took place in Georgia. The Social Security numbers, birth dates, and driver\u2019s license numbers of 6.5 million voters from the state were leaked in an accident that was blamed on a single system programmer.<\/p>\n\n\n\n (The New York Times)<\/p>\n\n\n\n The as-yet unmatched breach of Yahoo! servers took place in August 2013, but it was only made public three years later. It was initially believed the breach had compromised the data of 1 billion users. However, it was soon determined that anyone with a Yahoo! account was affected. Hackers who accessed the servers of this search engine company got access to users\u2019 names, telephone numbers, email addresses, and dates of birth. According to data loss statistics, even encrypted and unencrypted security questions and answers were hacked.<\/p>\n\n\n\n (CNN)<\/p>\n\n\n\n Despite a large number of data breaches in 2017, this one stood out as the largest political data exposure. GOP, a marketing company hired by the Republican National Committee, shared internal documents on a publicly accessible Amazon server. On that occasion, sensitive information like the names, birth dates, voter registration details, and social media posts of 61% of the U.S. population got leaked.<\/p>\n\n\n\n (CSO)<\/p>\n\n\n\n A recent data breach from 2018 affected 500 million guests of the Marriott International chain of hotels. The system was infiltrated by hackers back in 2014, when it was operated by Starwood Hotels and Resorts. However, the cybercriminals\u2019 illegal activity wasn\u2019t discovered until September 2018. In the meantime, Marriott International had acquired Starwood Hotels and Resorts. During those four years, hackers had access to guests\u2019 names, contact details, and other information that, in most cases, couldn\u2019t cause much harm, such as their preferred rooms in the hotel. However, these criminals also gained access to the passport numbers and credit card information of some guests, making them easy targets for identity theft.<\/p>\n\n\n\n (Krebson Security)<\/p>\n\n\n\n One of the biggest data breaches of all time was discovered this year by security researcher and blogger Brian Krebs. The real estate title insurance company stored sensitive customer data on its website. Without any protection – not even a password – anyone who knew where to look could have accessed bank account numbers, photos of driver’s licenses, Social Security numbers, bank statements, mortgage records, tax documents, and wire transfer receipts dating back to 2003. Information on hundreds of millions of Americans had sat unprotected on the company\u2019s website for years. It\u2019s still unclear who gained access to the information during that time.<\/p>\n\n\n\n (UpGuard) <\/p>\n\n\n\n Facebook has been linked with one social media breach after another, ever since it was launched. The greatest user privacy abuse of this year was reported in January, when it was discovered that the social media giant was leaking sensitive information on publicly accessible cloud storage. Amazon S3 Bucket contained 146 gigabytes of data like Facebook IDs, passwords, Facebook friends, music, movies, books, photos, events, and check-ins. These records are a gold mine for hackers planning phishing scams and social engineering attacks.<\/p>\n\n\n\n (Bank Info Security) <\/p>\n\n\n\n According to healthcare data breaches statistics, in April 2018, the Alaska Department of Health and Social Services suffered a malicious attack that infected it with a Zeus\/Zbot Trojan virus. What was originally thought to be an incident affecting 500 individuals turned out to be a massive breach. The attacker gained access to names, Social Security numbers, dates of birth, addresses, health information, and income data about some 700,000 citizens who had applied for government programs.<\/p>\n\n\n\n (Risk Based Security) <\/p>\n\n\n\n Among the latest security breaches, we have an example of how third parties\u2019 data can be affected when their associates take a hit. AMAC, an industry leader specializing in collection for medical labs, was hacked between August 2018 and March 2019, leaking information belonging to labs that had hired the agency to collect medical bills on their behalf. Even though the AMAC billing page was hacked, information belonging to 12 million Quest Diagnostics and 7 million LabCorp customers were compromised due to this data theft. <\/p>\n\n\n\n (Security Metrics)<\/p>\n\n\n\n Recent cyber attacks in healthcare have predominantly been ransomware attacks. In 2017, almost 60% of attacks in this industry were conducted by hackers who would cut off an organization\u2019s access to its own data, requesting a fee in exchange for regaining control. The public and business sector are other frequent targets for ransomware attacks because they have the means to pay high ransoms fairly quickly. What they can\u2019t afford is to have a system breach go on for too long.<\/p>\n\n\n\n (Security Metrics)<\/p>\n\n\n\n Computer crime statistics presented by Security Metrics emphasize the importance of employee training on cybersecurity. Almost a fifth of organizations that were breached by cyber attackers last year fell victim to phishing. This popular form of social hacking entails sending emails to the staff of an organization urging them to change their password because their account has been compromised. When an uninformed employee falls for this trick, they give attackers their credentials. With this information, the hackers have unfettered access to the company\u2019s system.<\/p>\n\n\n\n (AV-TEST) <\/p>\n\n\n\nKey Data Breach Statistics<\/strong><\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
Data Breach Today<\/h3>\n\n\n\n
On average, there were more than 20 data breach reports each day in the first six months of 2019.<\/h5>\n\n\n\n
3,813 breaches were reported in the first half of 2019, affecting more than 4.1 billion records.<\/h5>\n\n\n\n
68 records are lost or stolen every second.<\/h5>\n\n\n\n
Just eight of those 3,813 breaches that occurred in the first six months of the year exposed a combined total of more than 3.2 billion records.<\/h5>\n\n\n\n
The average time it takes to identify a data breach inside an organization is 206 days.<\/h5>\n\n\n\n
There were more than 1,300 data leaks that exposed email addresses and passwords in the first six months of 2019.<\/h5>\n\n\n\n
137 breaches that happened in the first half of 2019 exposed sensitive information pertaining to third parties. <\/strong><\/h5>\n\n\n\n
The average cost of a data breach is $3.92 million.<\/h5>\n\n\n\n
$150 is the average cost per lost or stolen record.<\/strong><\/h5>\n\n\n\n
Small businesses are the victims of 43% of data breaches.<\/h5>\n\n\n\n
14,717,618,286 data records have been lost or stolen since 2013.<\/h5>\n\n\n\n
54% of the data companies hold is outdated.<\/h5>\n\n\n\n
A Short History of Major Data Breaches<\/h3>\n\n\n\n
The first data breach to affect more than 1 million records happened in 2005.<\/h5>\n\n\n\n
The personal information of 6.5 million US voters was exposed in the Georgia Secretary of State breach in 2015.<\/h5>\n\n\n\n
The largest data breach in history was the Yahoo! breach of 3 billion user accounts.<\/h5>\n\n\n\n
The personal information of more than 198 million US voters was shared online by a marketing firm called GOP in 2017.<\/h5>\n\n\n\n
The data of 500 million customers was breached in the Marriott leak in November 2018.<\/h5>\n\n\n\n
885 million title insurance records were exposed in the First American Financial Corp. data breach in 2019.<\/h5>\n\n\n\n
Recent Security Breaches<\/h3>\n\n\n\n
540 million records were exposed in the 2019 Facebook data leak.<\/strong><\/h5>\n\n\n\n
A cyberattack on the Alaska Department of Health and Social Services affected the data of approximately 700,000 people.<\/h5>\n\n\n\n
With 22 million records leaked, the American Medical Collection Agency (AMCA) data breach was the biggest breach to affect third parties this year.<\/h5>\n\n\n\n
Most Common Causes of Data Breaches<\/h3>\n\n\n\n
In 2017, nearly 60% of cyber attacks in healthcare involved ransomware.<\/h5>\n\n\n\n
In 17% of cases, phishing emails were hackers\u2019 way into organizations last year.<\/h5>\n\n\n\n
There are 967.7 million active malware programs in 2019.<\/h5>\n\n\n\n