291 records breached per second in first half of 2018 | Cyber Security

Over 4.5 billion data records were breached in the first half of this year, according to a report from Gemalto’s Breach Level Index released this week. That’s the highest number of breaches ever in a single six-month time period, but a deeper dive reveals an even more worrying trend.

Gemalto, which sells authentication and data storage products, produces an analysis every six months of the reported breaches from each period. This total number of breached records in this year’s first half (1H) report equated 291 breached records every second, on average.

-per-breach is growing

The general rise in the volume of lost records is alarming enough (1H 2018’s figure is up 1,751% on 1H 2015), but what’s really scary is the average number of records per data breach incident. It’s growing quickly.

2015: 245.9m records across 999 incidents. That’s 276,936 records per incident.

2016: 554.5m records across 974 incidents. That’s 569,255 records per incident.

2017: 2.6bn records across 1765 incidents. That’s 1.47m records per incident.

2018: 4.5bn records across 945 breaches. That’s 4.8m records per incident.

The distribution of these compromised records on a per-breach basis isn’t equal, of course. There were some absolute whoppers in early 2018.

Gemalto has a risk scoring system for breached companies, with 9 or 10 rated ‘catastrophic’. There were four breaches in this category in 1H 2017: Facebook, Aahaar, Exactis, and Under Armour.

Facebook’s social media scraping breach, in which most of its 2.2bn users could have had their personal information scraped, scored a 10, as did Aadhaar, India’s government-backed citizen ID system. It saw its 1.2bn citizens’ records accessible via an anonymous service that would give it access to information including their name, address, photo, phone number and email address.

Malicious outsiders

Under Armour fell victim to a malicious hacker and lost up to 150m accounts. In this and the other breaches, malicious outsiders were to blame. No wonder, then, that malicious outsiders topped the list of breach sources, accounting for 56% of reported incidents and four in five breached records. It knocked accidental loss from the top spot as a source of data breaches, accounting for 34% of losses and just one in five (19%) of affected records.

Accidental loss was responsible for the other catastrophic-level breach in 1H 2018, though. Floridian data broker Exactis left 340m records about US citizens and businesses on an Amazon S3 server. Every record had information on over 400 variables, including whether they have pets, what their religion is and whether they smoked.