Over 554M data records breached, with identity theft most common

More than 970 data breaches were reported worldwide in the first half of 2016, up 15 percent from the previous six months, according to Gemalto's Breach Level Index.
Written by Eileen Yu, Senior Contributing Editor

More than 554 million data records globally were compromised in the first six months of the year, with identify theft the most common form of breach.

The number was up 15 percent from the previous six months, revealed Gemalto's latest Breach Level Index, which began tracking publicly disclosed data breaches in 2013. Across the globe, there were 974 reported data breaches, compared to 844 in the second half of 2015, and the volume of compromised data records were not made known publicly in 52 percent of the breaches.

Some 79 percent of reported incidents were in North America, while 9 percent were in Europe, and 8% in the Asia-Pacific region.

Identity theft accounted for 64 percent of all data breaches, up from 53 percent in the previous six months. External attackers, the biggest source of reported incidents, were responsible for 69 percent of breaches compared to 56 percent in the second half of 2015. Accidental loss accounted 18 percent of data breaches, while malicious inside attackers were responsible for 9 percent or 83 reported incidents.

The healthcare sector, which in recent years had become a hot target of cyberattackers, suffered 27 percent of total breaches or 263 incidents involving 30 million compromised data records. This, however, represented only 5.4 percent of the overall volume of breached data.

Breached government records accounted for 57 percent of the total volume, involving more than 318.2 million data records in the first half of 2016. Financial services institutions accounted for 12 percent of overall data breaches, dropping 4 percent from the previous six months, and 2 percent of total breached data records.

Gemalto's vice president and CTO of data protection, Jason Hart, said: "The theft of user names and account affiliation may be irritating for consumers, but the failure of organisations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.

"As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies, and companies to distinguish between nuisance data breaches and truly impactful mega breaches," Hart said.

He underscored the need to distinguish between such attacks as each would lead to different consequences. "A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain," he said.

Gemalto's findings were in line with Intel Security's recent McAfee Labs Threat Report, which also noted increased ransomware attacks targeting healthcare operators. It noted that this sector's dependence on legacy IT systems and medical devices with weak or no security made such organisations popular targets.

Editorial standards