​Gemalto reports 4.6 billion record breaches in the first half of 2018

Across 945 breach incidents that occurred mainly in the United States and Australia.
Written by Asha Barbaschow, Contributor

In the first six months of 2018, a total of 4,553,172,708 records were compromised, an increase of 133 percent over the first-half of 2017, a report from Gemalto has found.

In its latest Breach Level Index, Gemalto said accidental loss was the leading factor behind several breaches where data records were disclosed, noting this was due to organisations not taking proper action to secure their cloud-based assets.

The report shows there were 945 security incidents reported in the first half of 2018, which is 18.7 percent fewer than the 1,162 breaches disclosed in the period a year prior.

559 of the breaches occurred in North America and 308 in Australia. The third highest-breached country was the United Kingdom, with 22 incidents.

Of the total 945 breach incidents, 256 were in healthcare, 134 financial services, 86 in education, 68 in professional services, and 61 in government, with the remainder spread across industries such as retail, technology, industrial, and hospitality.

Must read: 8 steps to take within 48 hours of a data breach (TechRepublic)

According to Gemalto, malicious outsiders were the biggest threat in the first half of 2018.

The number of records exposed by external attackers rose by 1,294 percent to 3.6 billion records breached, it was reported, while the number of files exposed by accidental loss dropped by 47 percent to just under 880 million.

There were 23 incidents of hacktivism, representing a 1,050 percent increase over the previous year. Additionally, the number of records compromised grew from 70,000 to more than 13 million, the report showed.

The number of records malicious insiders compromised decreased 60 percent to just over 12 million. Similarly, the number of incidents involving malicious insiders was down 45 percent to 61.

Identity theft was the most prevalent data breach type, Gemalto found, accounting for approximately 87.2 percent of the total breached records.

This was followed by financial access and account access, which grew to 359 million and 220 million compromised records, respectively.

Social media giants including Twitter and Facebook, witnessed the greatest number of compromised records, followed by government.


Contributing to a fair chunk of the almost 4.6 billion total was Facebook, which revealed that malicious actors could have abused its search and account recovery capabilities to scrape public profile information from most of its more than 2 billion users.

Another leak was at the hands of personal and business data search service LocalBlox and involved the exposure of 48 million records the company had scraped from websites and social networks like Facebook, LinkedIn, Twitter, and Zillow without the users' knowledge or consent.

FedEx-owned Bongo International also added to the 4.6 million exposed records after misconfiguring an Amazon S3 bucket containing 119,000 scanned documents including individual passports, drivers licences, and security IDs.


Editorial standards