Last updated: 16 May 2016
Here’s the good news first: Just released by Gemalto and based on publicly available breach information, the Breach Level Index (BLI) report for H1 2015 shows that the number of data records lost or stolen in the first half of this year – 245.9 million records* total – was down by about 40% compared to the first half of 2014, when 414.8 million records were breached.
However, note the asterisks after the 245.9 million records in the paragraph above. In nearly 50% of the reported data breaches in first six months of 2015 it was not known how many data records were compromised. So while the downward trend seems promising, the reality is that it’s quite possible that if more organizations in H1 2015 were compelled to disclose exactly how many records were lost or stolen, the picture might not be as uplifting.
What we do know for sure thanks to the new BLI report is that there were a total of 888 data breaches in H1 2015, up 10% from the 803 breaches that occurred during the same period of time last year. Additionally, of the 245.9 million records that were lost or stolen according to the BLI, 82% were the result of the 10 biggest breaches in the half.
The biggest of the top 10 was the Anthem Insurance identity theft breach, a state-sponsored cyber attack that made headlines and in which 78.8 million records were stolen – accounting for 32% of the total records lost/stolen in H1 2015. This impacted Anthem’s major insurance brands like Blue Cross and Blue Shield, Amerigroup, Caremore and UniCare.
Unsurprisingly, in light of this single colossal breach, healthcare was the industry hit hardest in H1 2015 both in terms of records lost/stolen and breaches – with 34% of the compromised records and 21.1% of the total data breaches recorded in the half coming from this sector.
While the Anthem breach was the largest state-sponsored breach in the half, it wasn’t the only top five breach attributed to a state-sponsored attack. In June 2015, the U.S. Office of Personnel Management (OPM) was the target of a data breach that involved some 21 million records. This was a state-sponsored identity theft attack, which has been described by federal officials as among the largest breaches of government data in the history of the U.S. Information targeted in the breach included personally identifiable information such as Social Security numbers, names, dates and places of birth, and addresses.
As a result of these and other state-sponsored attacks in H1 2015, the records lost or stolen as a result of state-sponsored breaches rose from 3 million in H1 2014 and 6.9 million in H2 2014 to 102.8 million in H1 2015.
While state-sponsored breaches were devastating and grabbed headlines, malicious outsiders were the top source of breaches in H1 2015 – accounting for 62% of the breaches.
The top malicious outsider breach for the half was that of Turkey’s General Directorate of Population and Citizenship Affairs agency, which suffered an identity theft attack that resulted in the theft of 50 million records. According to the Presidency’s State Audit Institution (DDK), the servers of the administration’s Web site were easily breached, and information about citizens were stolen.
Malicious outsiders also contributed to the fourth and fifth most notable breaches in the half. At number four, malicious outsiders stole the user names and email addresses of 20 million users of the Russia-based online dating service Topface. Rounding out the top five, Gaana.com, an Indian music streaming service, suffered a breach in which malicious outsiders stole 10 million records – including user names, email addresses, passwords, birthdates and other personal information of users of the service.
Five of the top 10 breaches in the first half, including the top three, were identity theft breaches, and identity theft accounted for more than half (53%) of all the attacks and nearly three-quarters (74.9%) of compromised data records. Identity theft has been the leading type of data breach at least since the first half of 2013.
Financial access was the second leading type of data breach in the half, accounting for 22% (197) breaches. Other types included existential data (96 breaches, 10.8%), account access (93 breaches, 10.5%) and nuisance (30 breaches, 3.4%).
While all of those numbers are unsettling, what is most concerning to me is that only 4% of these breaches were “secure breaches” in which encryption was used and the data stolen was rendered useless – staying flat from H2 2014. The numbers I mentioned above just emphasize that breaches of varying types will continue to threaten organizations in every industry, and clearly breach prevention strategies are failing. Identity and access management, encryption, and crypto management can’t guarantee that organizations won’t appear on a future breach report, but they can ensure that sensitive data isn’t compromised when a breach does occur.
There is a lot more to learn about the state of breaches in 2015. Read the Breach Level Index H1 2015 report and check out the infographic to get all of the insights from the BLI. You can also check out breachlevelindex.com for breach tracking data from around the world.