Leaked data records surge to 36bn worldwide in 2020

Read time 5min 00sec

The number of leaked data records exposed globally reached 36.1 billion in the first three quarters of 2020 − more than double the number of records leaked in the entire 2019.

This is according to a report compiled by VPN provider, Atlas VPN, based on global risk-based security data, which reveals leaked data records through Q3 2020 globally make up more than half of combined leaked data in the past five years.

With a global pandemic, devastating wildfires, increasing cyber crimes and the political divide, it is not surprising that 2020 was named the most challenging year in the past decades, notes the study.

The year has been grim for data privacy as well, with leaked personal data records reaching numbers the world has never seen before, says Atlas VPN.

According to the report, the first three quarters of 2020 saw a 332% increase in leaked data records compared to the same period last year when 8.35 billion records were exposed.

Looking at the historical data, Atlas VPN notes leaked data records surged by 1 453% from 2.33 billion by Q3 2016, to 36.1 billion in 2020.

In terms of the data leak numbers quarter by quarter, the report notes that from Q4 of 2019 to Q1 of 2020, leaked data numbers rose by 24%, from 6.84 billion to 8.45 billion – the most records exposed in any Q1 period over the past five years.

In Q2, the numbers of data leaked increased again, spiking by 128% to a historical high of 19.23 billion. In Q3, the number of exposed data records dropped by 56% to 8.43 billion – nevertheless, this number is still higher than in any Q3 period since 2015.

Local measures, victims

The South African Parliament earlier this month passed the Cyber Crimes Bill, which will be submitted to the president for assent.

The Bill creates many new categories of offences, with the majority related to data, messages, computers and networks involving hacking, the unlawful interception of data, ransomware attacks, cyber forgery and uttering, and cyber extortion.

It comes on the back of several South African companies falling prey to cyber criminals in 2020.

Most recently, big four bank Absa suffered a data leak, when an employee unlawfully made selected customer data available to a small number of external parties.

In August, Experian, a consumer, business and credit information services agency, experienced a breach of data which exposed some personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

In the same month, Lombard Insurance announced it had been the victim of a cyber attack on some of its systems by criminals targeting its data.

In September, JSE-listed construction group Stefanutti Stocks was hit by a cyber attack, which resulted in temporary disruption to certain central administrative functions.

According to government, any person who contravenes the Cyber Crimes Bill can be liable on conviction to a fine or imprisonment for a period exceeding three years or to both, when the Bill is enacted.

Data breaches decline

While the number of leaked data records for 2020 is alarming, Atlas VPN points out that the incidents of data breaches dropped by 51% compared to the same period last year, when 6 021 violations were reported.

A data breach is the term that is more commonly used when discussing the public exposure of confidential data from an external source, while a data leak is encompassed by the exposure of a vulnerability or information, according to security firm Sandstorm. This differs from a data breach, in that the exposure of leaked data cannot be confirmed to have reached the masses.

The decrease in the number of breaches is caused by a general slowdown in such event reporting rather than the actual drop in breach activity, says the report. Yet, breaches are growing in severity, exposing more and more records every year.

The COVID-19 pandemic and remote working are likely to be the primary reasons for such a change in reporting behaviour, according to the report.

"Data breaches are growing in severity, with fewer breaches exposing more records than ever before," says Rachel Welch, COO of Atlas VPN.

“Businesses should take note of this and make cyber security one of their top priorities next year. It is always better to be safe than sorry, especially when it comes to private data, as one unfortunate event can cost a company its reputation.”

The most commonly exposed data types are names (45%), e-mails (36%) and passwords (29%) − all the key information needed for accessing someone's account.

While no economic sector is guarded against cyber breaches, some sectors suffered more than others. The healthcare sector continues to suffer the most data breaches out of all economic sectors in the first three quarters of 2019 and 2020.

Through Q3 2019, the healthcare sector had 343 breaches, while in 2020, it faced 341 breaches, which account for 12% of breaches so far this year.

The fast-growing information communication sector, including software creators, data processing, hosting, streaming services and Web sites, was also highly targeted in 2020. It had 306 data breaches, which make up 10% of all breaches through Q3 this year. The number rose by 31% compared to the same period last year when 234 breaches happened.

Occupying the third spot in the list is the financial and insurance sector, with 274 breaches within the first three quarters of 2020 accounting for 9% of total violations this year so far.

“The financial industry is highly lucrative for cyber criminals. Therefore, data breaches affecting the sector were almost as high last year when 263 breaches were detected,” notes the report.

See also