In 2014, more than 1 500 data breaches led to one billion data records being compromised worldwide.
This is according to the findings of the Gemalto Breach Level Index (BLI), which reveals these numbers represent a 49% increase in data breaches and a 78% increase in data records that were either stolen or lost compared to 2013.
The report gathered extensive publicly-available information about data breaches throughout the world. The information was analysed in terms of the number of breaches, the number of data records lost, and data breaches by industry, type of breach, source and country or region.
Gemalto discovered data breaches totalled 1 540 in 2014, up 46% from the 1 056 the orevious year. Even more dramatic was the rise in data records involved in the breaches. That jumped 78%, from about 575 million in 2013 to more than one billion in 2014, it adds.
From a time perspective, says Gemalto, in 2014 some 2 803 036 data records were stolen or lost every day; 116 793 every hour; 1 947 every minute; and 32 every second.
According to data in the BLI, the main motivation for cyber criminals in 2014 was identity theft with 54% of the all data breaches being identity theft-based.
"Many of the breaches in 2014 involved the theft or compromise of identifiable information, such as names, addresses and social security numbers. In comparison, many of the thefts in 2013 involved financial information such as credit card numbers," says Tsion Gonen, vice-president of strategy for identity and data protection at Gemalto.
In addition, identity theft breaches also accounted for one-third of the most severe data breaches categorised by the BLI as either 'catastrophic' (with a BLI score of between 9 and 10) or 'severe' (7 to 8.9).
Secure breaches, which involved breaches of perimeter security where compromised data was encrypted in full or in part, increased from 1% to 4%.
Gonen says despite the growing interest of encryption technology as a means to protect information and privacy, only 58 of the data breach incidents in 2014, or less than 4% of the total, involved data that was encrypted either partially or fully.
"We're clearly seeing a shift in the tactics of cyber criminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," says Gonen. "Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding," he adds.
One of the notable hacks in 2014 was the breach against Home Depot. The US-based home improvement specialty retailer was the victim of a financial access attack that involved 109 million records and scored a 10 on the risk assessment scale, says Gemalto.
The other prominent breach involved the Korea Credit Bureau, which suffered an identity theft breach that involved some 104 million records and scored a 10 on the risk assessment scale. US bank JP Morgan Chase also suffered an identity theft breach that resulted in 83 million records being compromised, also scoring a 10.0 on the risk assessment scale.
"Not only are data breach numbers rising, but the breaches are becoming more severe," adds Gonen. "Being breached is not a question of 'if' but 'when.'
"Breach prevention and threat monitoring can only go so far, and do not always keep the cyber criminals out. Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves."
Share