Despite a number of new data protection regulations coming into effect, some 4.5bn data records were compromised throughout the first half of 2018.
According to the Breach Level Index report, published by digital security company Gemalto, some 945 incidents occurred in that time, an increase of more than 18% on the previous six-month period.
The number of breaches is down year-over-year. A total of 1,162 breaches were recorded in the first half of 2017.
However, the report shows that the severity of data breaches may be increasing, particularly when involving malicious actors. According to the report, the amount of data compromised in the first half of 2018 alone was already more than in any other year. Some 743m records were stolen by malicious outsiders in the entirety of 2017, with more than five times that stolen in the first six months of the following year.
The vast majority of breached data was compromised by hackers. Some 80% of breaches were a result of malicious outsiders. A further 19% was due to accidental loss, with malicious insiders and hacktivists making up the remaining 1%.
According to Gemalto, the vast majority of these compromised data sets are then used in cases of identity theft. In 65% of all breaches, those behind them intended to use the compromised data to steal the identity of its rightful owner. Cases of identity theft rose by 13% on the second quarter of 2017, with 610 incidents reported. Some 87% of the 4.55bn records breached put users at risk of identity theft.
Social media: A problem platform for data breaches
The increase in compromised records reported is hardly surprising, given the scale of some of the breaches that came to light earlier this year.
The most notable was a result of an oversight in Facebook’s public search function, which allowed malicious actors to scrape the data of its users by searching for a phone number or email address. Essentially, if somebody had access to a phone number or email address, they could find that person’s Facebook profile and scrape other public data, such as full name, location, date of birth, work history and more.
Facebook has since resolved the issue. However, according to Chief Technology Officer Mike Schroepfer, the majority of Facebook users likely had their profiles scraped in this way. Gemalto estimates that the data of 2.2bn users was compromised.
Due to the reporting of the Facebook breach, social media accounted for the most data stolen in the first half of 2018. Just six incidents resulted in 2.55bn compromised records, or 56% of the total.
Jason Hart, vice president and CTO for data protection at Gemalto, said:
“Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections.”
Governmental records were the second most likely source of data theft or loss, accounting for 27% of the total. The retail and technology industries each accounted for 4%.
GDPR: A failing deterrent?
Under the European Union’s newly implemented General Data Protection Regulation (GDPR), failing to protect the data of European users can see companies hit with a fine of €20m or 4% of global annual turnover, whichever is greater.
The tough fines are seemingly doing their job. According to the report, the number of incidents in Europe is likely to fall in 2018 year-on-year. Europe accounted for 6% of all incidents reported in 2017, equating to 112 incidents throughout the year or 56 in a six-month period. In the first half of 2018, just 36 incidents, or 4%, occurred in Europe.
However, according to Gemalto, this isn’t a result of an increase in incidents or severity, but of regulations like GDPR forcing compromised companies to disclose data theft or loss to regulators and users.
“We also expect to see more data breaches reported by European Union countries bound by the new General Data Protection Regulation and in Australia with the new Notifiable Data Breaches law. We should be careful not to misconstrue this as an increase in overall incidents in these areas but rather as a more accurate reflection of what is actually going on.”