July 27, 2017 By Larry Loeb 2 min read

In the first half of 2017, over 6 billion records were exposed through 2,227 publicly disclosed data breaches, according to a July report from Risk Based Security. The number of records that were exposed in the first half of this year is already higher than the previous all-time high at the end of 2016, and the top 10 breaches exposed 5.6 billion of the 6 billion total compromised records.

Affected Sectors

The business sector accounted for 56.5 percent of the reported breaches, the report found. It was followed by unknown (17 percent), the government (9.1 percent), the medical sector (9 percent) and education (8.4 percent).

These numbers differ from the total records exposed by data breaches. Here, the business sector accounted for 93 percent, followed by government and unknown, which were found to show approximately 3 percent. Medical and education sectors combined were found to account for less than 1 percent of the total records exposed year to date.

By country, SecurityWeek reported that the U.S. had the largest number of data breaches at 1,367. It was followed by the U.K. at 104, Canada at 59, India at 52 and Australia at 34. However, the publication also noted that China accounted for over 48 percent of the records exposed, or 3.8 billion records, even though only 22 known breaches happened within the country.

Inadvertent online disclosures were the highest cause of records compromised so far this year, accounting for 68 percent of records exposed. Interestingly, these compromises only accounted for about 7 percent of the incidents reported so far in 2017, according to the Risk Based Security report.

Tax Data Breaches Threaten Social Security

Attacks on tax data trended upward in the first half of the year. Exposure of confidential W-2 information increased by 25 percent since 2016, with accounting firms and payroll service providers most vulnerable. Another high-profile target in this sector was the Job Link Alliance, which is a workforce development specialist that serves state employment agencies across the U.S. That compromise involved approximately 5.5 million job seekers’ names, addresses, dates of birth and Social Security numbers.

The report also found that incidents impacting Social Security numbers increased from 17.6 percent in 2016 to 26.1 percent in 2017. When coupled with personal information such as name, date of birth or physical address, that information could be particularly dangerous in the hands of cybercriminals.

Overall, Risk Based Security’s report showed how breaches are changing in focus over time, yet they remain as serious as ever. Security professionals should stay informed of annual changes and adjust defenses accordingly.

More from

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Self-replicating Morris II worm targets AI email assistants

4 min read - The proliferation of generative artificial intelligence (gen AI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in gen AI systems to orchestrate sophisticated cyberattacks with far-reaching consequences. Recent studies have uncovered the insidious capabilities of self-replicating malware, exemplified by the “Morris II” strain created by researchers. How the Morris…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today