Gemalto releases findings of 2016 Breach Level
Index
Index
Almost 1.4 billion data records
compromised in 2016 as hackers targeted large-scale databases across industries
compromised in 2016 as hackers targeted large-scale databases across industries
Singapore – March 28, 2017– Gemalto (Euronext NL0000400653 GTO), the world leader in digital
security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to
almost 1.4 billion data records being compromised worldwide during 2016, an
increase of 86% compared to 2015. Identity theft was the leading type of data
breach in 2016, accounting for 59% of all data breaches. In addition, 52% of
the data breaches in 2016 did not disclose the number of compromised records at
the time they were reported.
security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to
almost 1.4 billion data records being compromised worldwide during 2016, an
increase of 86% compared to 2015. Identity theft was the leading type of data
breach in 2016, accounting for 59% of all data breaches. In addition, 52% of
the data breaches in 2016 did not disclose the number of compromised records at
the time they were reported.
The Breach Level Index is a global database
that tracks data breaches and measures their severity based on multiple
dimensions, including the number of records compromised, the type of data, the
source of the breach, how the data was used, and whether or not the data was
encrypted. By assigning a severity score to each breach, the Breach Level Index
provides a comparative list of breaches, distinguishing data breaches that are
a not serious versus those that are truly impactful (scores run 1-10).
According to the Breach Level Index, more than 7 billion data records have been
exposed since 2013 when the index began benchmarking publicly disclosed data
breaches. Breaking it down that is over 3 million records compromised every day
or roughly 44 records every second.
that tracks data breaches and measures their severity based on multiple
dimensions, including the number of records compromised, the type of data, the
source of the breach, how the data was used, and whether or not the data was
encrypted. By assigning a severity score to each breach, the Breach Level Index
provides a comparative list of breaches, distinguishing data breaches that are
a not serious versus those that are truly impactful (scores run 1-10).
According to the Breach Level Index, more than 7 billion data records have been
exposed since 2013 when the index began benchmarking publicly disclosed data
breaches. Breaking it down that is over 3 million records compromised every day
or roughly 44 records every second.
Last year, the account access based attack on
AdultFriend Finder exposing 400 million records scored a 10 in terms of severity
on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI:
9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI:
9.7) and Dailymotion (BLI: 9.6). In fact the top 10 breaches in terms of
severity accounted for over half of all compromised records. In 2016, Yahoo!
reported two major data breaches involving 1.5 billion user accounts, but are
not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and
2014.
AdultFriend Finder exposing 400 million records scored a 10 in terms of severity
on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI:
9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI:
9.7) and Dailymotion (BLI: 9.6). In fact the top 10 breaches in terms of
severity accounted for over half of all compromised records. In 2016, Yahoo!
reported two major data breaches involving 1.5 billion user accounts, but are
not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and
2014.
“The Breach Level Index highlights four major
cybercriminal trends over the past year. Hackers are casting a wider net and
are using easily-attainable account and identity information as a starting
point for high value targets. Clearly, fraudsters are also shifting from
attacks targeted at financial organizations to infiltrating large data bases
such as entertainment and social media sites. Lastly, fraudsters have been
using encryption to make breached data unreadable, then hold it for ransom and
decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for
Data Protection at Gemalto.
cybercriminal trends over the past year. Hackers are casting a wider net and
are using easily-attainable account and identity information as a starting
point for high value targets. Clearly, fraudsters are also shifting from
attacks targeted at financial organizations to infiltrating large data bases
such as entertainment and social media sites. Lastly, fraudsters have been
using encryption to make breached data unreadable, then hold it for ransom and
decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for
Data Protection at Gemalto.
Data Breaches by Type
In 2016, identity theft was the leading type
of data breach, accounting for 59% of all data breaches, up by 5% from 2015.
The second most prevalent type of breach in 2016 is account access based
breaches. While the incidence of this type of data breach decreased by 3%, it
made up 54 % of all breached records, which is an increase of 336% from the
previous year. This highlights the cybercriminal trend from financial
information attacks to bigger databases with large volumes of personally
identifiable information. Another notable data point is the nuisance category
with an increase of 102% accounting for 18% of all breached records up 1474%
since 2015.
of data breach, accounting for 59% of all data breaches, up by 5% from 2015.
The second most prevalent type of breach in 2016 is account access based
breaches. While the incidence of this type of data breach decreased by 3%, it
made up 54 % of all breached records, which is an increase of 336% from the
previous year. This highlights the cybercriminal trend from financial
information attacks to bigger databases with large volumes of personally
identifiable information. Another notable data point is the nuisance category
with an increase of 102% accounting for 18% of all breached records up 1474%
since 2015.
Data Breaches by Source
Malicious outsiders were the leading source of
data breaches, accounting for 68% of breaches, up from 13% in 2015. The number
of records breached in malicious outsider attacks increased by 286% from 2015.
Hacktivist data breaches also increased in 2016 by 31%, but only account for 3%
of all breaches that occurred last year.
data breaches, accounting for 68% of breaches, up from 13% in 2015. The number
of records breached in malicious outsider attacks increased by 286% from 2015.
Hacktivist data breaches also increased in 2016 by 31%, but only account for 3%
of all breaches that occurred last year.
Data Breaches by Industry
Across industries, the technology sector had
the largest increase in data breaches in 2016. Breaches rose 55%, but only
accounted for 11% of all breaches last year. Almost 80% of the breaches in this
sector were account access and identity theft related. They also represented
28% of compromised records in 2016, an increase of 278% from 2015.
the largest increase in data breaches in 2016. Breaches rose 55%, but only
accounted for 11% of all breaches last year. Almost 80% of the breaches in this
sector were account access and identity theft related. They also represented
28% of compromised records in 2016, an increase of 278% from 2015.
The healthcare industry accounted for 28% of
data breaches, rising 11% compared to 2015. However, the number of compromised
data records in healthcare decreased by 75% since 2015. Education saw a 5%
decrease in data breaches between 2015 and 2016 and a drop of 78% in
compromised data records. Government accounted for 15% of all data breaches in
2016. However the number of compromised data records increased 27% from 2015.
Financial services companies accounted for 12% of all data breaches, a 23%
decline compared to the previous year.
data breaches, rising 11% compared to 2015. However, the number of compromised
data records in healthcare decreased by 75% since 2015. Education saw a 5%
decrease in data breaches between 2015 and 2016 and a drop of 78% in
compromised data records. Government accounted for 15% of all data breaches in
2016. However the number of compromised data records increased 27% from 2015.
Financial services companies accounted for 12% of all data breaches, a 23%
decline compared to the previous year.
All industries listed in the ‘Other’ category
represented 13% of data breaches and 36% of compromised data records. In this
category, the overall number of data breaches decreased by 29%, while the
number of compromised records jumped by 300% since 2015. Social media and
entertainment industry related data breaches made up the majority.
represented 13% of data breaches and 36% of compromised data records. In this
category, the overall number of data breaches decreased by 29%, while the
number of compromised records jumped by 300% since 2015. Social media and
entertainment industry related data breaches made up the majority.
Last year 4.2% of the total number of breach
incidents involved data that had been encrypted in part or in full, compared to
4% in 2015. In some of these instances, the password was encrypted, but other
information was left unencrypted. However of the almost 1.4 billion records
compromised, lost or stolen in 2016, only 6% were encrypted partially or in
full (compared to 2% in 2015).
incidents involved data that had been encrypted in part or in full, compared to
4% in 2015. In some of these instances, the password was encrypted, but other
information was left unencrypted. However of the almost 1.4 billion records
compromised, lost or stolen in 2016, only 6% were encrypted partially or in
full (compared to 2% in 2015).
“Knowing exactly where their data
resides and who has access to it will help enterprises outline security
strategies based on data categories that make the most sense for their
organizations. Encryption and authentication are no longer ‘best practices’ but
necessities. This is especially true with new and updated government mandates
like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S
state-based and APAC country-based breach disclosure laws. But it’s also about
protecting your business’ data integrity, so the right decisions can be made
based on accurate information, therefore protecting your reputation and your
profits.”
resides and who has access to it will help enterprises outline security
strategies based on data categories that make the most sense for their
organizations. Encryption and authentication are no longer ‘best practices’ but
necessities. This is especially true with new and updated government mandates
like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S
state-based and APAC country-based breach disclosure laws. But it’s also about
protecting your business’ data integrity, so the right decisions can be made
based on accurate information, therefore protecting your reputation and your
profits.”
Additional Resources:
· For a full summary of data breach incidents by
industry, source, type and geographic region, download the 2016 Breach Level Index Report or access the eBook here.
industry, source, type and geographic region, download the 2016 Breach Level Index Report or access the eBook here.
· Download the infographic here.
· Visit the BLI website here.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!