BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

2014 Data Breaches – A Billion Exposed Records – A New All Time High

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 23 Feb 2015 14:00:31 -0700
https://www.riskbasedsecurity.com/2015/02/2014-data-breaches-a-billion-exposed-records-a-new-all-time-high/

Risk Based Security has released its 2014 Year-End Data Breach QuickView
Report highlighting the data breach trends over the past twelve months.
2014 added five incidents to the “Top 10 All Time Largest Incidents” list.
The details are not pretty.

The past year will stand out for a number of reasons and unfortunately, few
of them are good. A record-breaking 1.1 billion personal and sensitive
records were compromised in 2014 across 3,014 incidents. Compared to 2013,
that is a 22.3% increase in the number of records lost and a 28.5% increase
in the number of data breaches disclosed. What’s more, it is clear from our
analysis that malicious actors are winning the security battle, with
hacking and fraudulent activity accounting for a staggering 97.6% of the
records lost.

“Although many security experts will point to Sony as the “Hack” of the
year, we can’t lose sight of the other 3,013 incidents occurring in 2014”,
said Barry Kouns, Risk Based Security’s CEO. “We must recognize that
incidents are being reported on an average of eight per day, and we need to
find a way to turn the tide.” added Kouns.

Year-end analysis shows the trend of targeting user credentials continues
unabated and it is understandable as to why. No matter how sophisticated
the attack might be, gaining access to the system is a key first step.
Analysis of 2014 events shows passwords, user names and email addresses
remain the most targeted data types. A closer examination of the incidents
involving login credentials reveals lower profile websites and services are
often targeted for this type of data theft. Malicious actors understand
human nature and the tendency to reuse and recycle passwords. By collecting
hundreds of user credentials from different sources, those same credentials
may be valid for opening the doors to a much larger target.

“Even though most organizations can’t identify with the high-profile, large
breaches that gain the most publicity, 72.5% of 2014’s incidents exposed
between one and ten thousand records,” said Kouns. “Those numbers we can
identify with and this year’s incidents highlight just how vulnerable most
organizations are to a data breach.”

2014 is also notable for the size and audacity of the incidents taking
place. The year began with 110 million credit card numbers with expiration
dates being compromised in South Korea due to insider fraud. Four other
events this year made the top 10 list for the largest incidents of all
time, including the 220 million records exposed in a second incident in
South Korea. While the volume of compromised data is astounding, the
numbers do not include perhaps the most infamous breach of 2014, the events
at Sony. While the total number of records lost in that breach has not yet
been determined, the event has clearly made an impact far beyond that of
any other large incident. The unprecedented release of sensitive internal
documents and intellectual property may ultimately prove to be more
damaging than whatever the final record count may reflect. The Sony breach
has also ushered in a renewed national focus on cyber security. New breach
notification and other cyber legislation is currently making its way
through Congress and just this month the White House announced the
formation of an agency dedicated to gathering and detecting cyber threat
intelligence. The success of these initiatives remains to be seen but it is
clear the impact of 2014 will continue to be felt throughout the coming
months and maybe years.

About the Data Breach QuickView Report

The Data Breach QuickView report is intended to be an executive level
summary of the key findings from RBS’ analysis of 2014’s data breach
incidents. Contact Risk Based Security for your customized analysis of the
2014 data breaches.

You can view the 2014 Data Breach QuickView report here:

https://www.riskbasedsecurity.com/reports/2014-YEDataBreachQuickView.pdf

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: