Risk Based Security (RBS), a provider risk analysis tools and data breach information, has released a report analysing the data breaches which have occurred in 2017. The report revealed that there has been a 305% increase in the number of records exposed in data breaches; 2.3 billion stolen in 2016 to 7.09 billion stolen in 2017.
In compiling the report, RBS analyzed breach reports from the first 9 months of 2017. Commenting on their findings in a blog post on their website, RBS that 2017 has been “yet another ‘worst year ever’ for data breaches.”
RBS found that there were 3,833 reported incidents of breaches in 2017. Over a third of them occurred in Q3, 2017, with 1,465 data breaches reported during this time. It is estimated that, so far in 2017, more than 7 billion records have been exposed or stolen.
The RBS report shows that since May, there has been a steady rise in publicly disclosed data breaches. September was recorded as the worst month of the year at the time of writing the report. More than 600 data breaches were disclosed in September alone.
The huge number of files compromised in 2017 reflects the trend seen in the past five years; there is a year-on-year increase in the number of files being stolen. In 2013 1,966 data breaches were reported, in comparison with 3,833 in 2017. Year on year, the number of reported data breaches has increased by 18.2%.
While the number of data breaches has just over doubled, the severity of data breaches has increased at a much higher rate. In 2016, 2.3 billion records were exposed in the first 9 months of the year. In 2017, the figure jumped to 7.09 billion. This reflects an increase of 305%.
The majority of the exposed records in 2017 came from five breaches, which exposed approximately 78.5% of all the records exposed so far in 2017.
For example, the breach at DU Caller exposed 2,000,000,000 records alone; nearly 30% of the total files exposed for the first three quarters of 2017 compromised in a single breach. The River City Media breach was of a similar scale, with 1,374,159,612 records exposed. An unnamed web breach exposed a further 711,000,000 records, and the EmailCar breach saw 267,000,000 records compromised.
The five largest breaches in 2017 were on such a scale that they all made the top ten list of the worst data breaches of all time, with three of them ranked in the top five. With the exception of one breach in 2014, all of the top ten data breaches of all time have been discovered in 2016 (4) and 2017 (5). RBS reports that 69 data breaches reported in 2017 that involved the exposure or more than a million records.
By far, the prevalent cause data breaches in 2017 was hacking.It is estimated that 1,997 data breaches were due to hacking, over half of the total. A further 433 breaches were due to skimming. Phishing was behind 290 breaches, viruses caused 256 breaches, and 206 breaches were due to web attacks.
Despite the relatively small number of attacks occurring due to web attacks, these attacks resulted in the greatest number of exposed records. About 68.5% of the total number of files compromised were due to web attacks. For comparison, hacking-which was responsible for over half the breaches-only accounted for 30.9% of exposed records.
RBS’s report showed that the business sector has been worst affected by data breaches in 2017, with 68.5% of the total number of breaches being reported by this industry. ‘Unknown’ was the second most attacked sector, reporting 12.6% of the breaches. Medical data breaches were in third place accounting for 8.5% of the total.