Nearly 1.4 billion data records were stolen by hackers or lost during 2016 - almost double the number which were compromised the previous year and indicating the ever growing threat posed not only by cyberattackers but also by accidental data breaches and malicious insiders.
Identifiable personal information including names, email addresses, passwords, dates of birth, IP addresses and even biometric data was stolen from or lost by organisations and websites throughout 2016.
The total of 1,378,509,261 data records being lost or stolen is almost double that of 2015, according to figures published in Gemalto's Breach Level Index Report for 2016. The report is based on analysis of 1,792 data breaches across the year, which saw the equivalent of 3,776,738 data records compromised every single day. According to the company, more than seven billion data records have been exposed since 2013.
Hackers and cyberattacks are by far the leading cause of data breaches, with these malicious outsiders accounting for 1,223 incidents detailed in the report - just over two thirds of the breaches which occurred during 2016.
Accidental loss of data accounts for 19 percent of incidents in which data was compromised, while nine percent were as a result of malicious insiders - employees who are actively working to leak data, be they doing so for revenge, financial gain or being coerced through blackmail.
And while arguably the most high profile breach of the year - the Russian cyberattack against the Democratic National Committee in the run up to the US election - had a huge impact, just one percent of recorded incidents last year were as a result of a state-sponsored cyberattack.
The report uses a 'risk assessment score', taking into account factors such as the number of records breached, the source of the breach and how the stolen information was used, to score the breach out of ten - with a score of 10 representing a 'catastrophic breach'.
Based on this scoring system, Gemalto points to the AdultFriendFinder data breach as the worst of 2016, scoring the maximum of 10. The hack exposed the accounts of 412 million users, including information on customers' e-mail addresses, IP addresses last used to log-in to the site and passwords - even of users who had deleted their accounts.
Other incidents which scored more than nine on the risk assessment score include a cyberattack against the Philippines' Commission on Elections which exposed over 77 million records and a hack against Daily Motion which saw hackers steal information about 85 million accounts.
The most common reason for hackers to carry out a cyberattack in 2016 was identity theft, with three out of five breaches occurring as hackers wanted access to personal data.
Not only is this information often not secured as much as financial data, but criminals can make an easy profit from it by selling it on underground forums. Stolen data of this kind can be used for anything from carrying out fraud, to gaining access to other accounts owned by the victim - especially if they use the same weak password across multiple services.
Hackers can also use information leaked in this way as a jumping off point for more complex schemes, potentially using the data to carry out phishing attacks against higher profile targets.
"Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large data bases such as entertainment and social media sites," says Jason Hart, vice president at Gemalto.
Unfortunately, the scope of data breaches is only likely to get worse as more and more devices become connected to the Internet of Things - often with the cybersecurity of the product not being considered at all.
"IoT increases the number of attack vectors for cyber criminals. The more access to more data they have, the more creative the attacks," the report warns.
In order to cope with the increased threat of breaches, Gemalto recommends that security strategy shift from "breach prevention" to "breach acceptance", with companies having a set plan they can adhere to if the company is attacked.
In order to effectively prepare for a breach, the report recommends organisations encrypt all sensitive data, securely store and manage all encryption keys, and control user access.
"By implementing each of these three steps into your IT infrastructure, companies can effectively prepare for a breach and avoid falling victim to one," it said.