In the first half of 2017, over 6 billion records were exposed through 2,227 publicly disclosed data breaches, according to a July report from Risk Based Security. The number of records that were exposed in the first half of this year is already higher than the previous all-time high at the end of 2016, and the top 10 breaches exposed 5.6 billion of the 6 billion total compromised records.
The business sector accounted for 56.5 percent of the reported breaches, the report found. It was followed by unknown (17 percent), the government (9.1 percent), the medical sector (9 percent) and education (8.4 percent).
These numbers differ from the total records exposed by data breaches. Here, the business sector accounted for 93 percent, followed by government and unknown, which were found to show approximately 3 percent. Medical and education sectors combined were found to account for less than 1 percent of the total records exposed year to date.
By country, SecurityWeek reported that the U.S. had the largest number of data breaches at 1,367. It was followed by the U.K. at 104, Canada at 59, India at 52 and Australia at 34. However, the publication also noted that China accounted for over 48 percent of the records exposed, or 3.8 billion records, even though only 22 known breaches happened within the country.
Inadvertent online disclosures were the highest cause of records compromised so far this year, accounting for 68 percent of records exposed. Interestingly, these compromises only accounted for about 7 percent of the incidents reported so far in 2017, according to the Risk Based Security report.
Tax Data Breaches Threaten Social Security
Attacks on tax data trended upward in the first half of the year. Exposure of confidential W-2 information increased by 25 percent since 2016, with accounting firms and payroll service providers most vulnerable. Another high-profile target in this sector was the Job Link Alliance, which is a workforce development specialist that serves state employment agencies across the U.S. That compromise involved approximately 5.5 million job seekers’ names, addresses, dates of birth and Social Security numbers.
The report also found that incidents impacting Social Security numbers increased from 17.6 percent in 2016 to 26.1 percent in 2017. When coupled with personal information such as name, date of birth or physical address, that information could be particularly dangerous in the hands of cybercriminals.
Overall, Risk Based Security’s report showed how breaches are changing in focus over time, yet they remain as serious as ever. Security professionals should stay informed of annual changes and adjust defenses accordingly.