In the first 6 months of 2019, the number of data breaches rose precipitously in comparison with the same periods within recent years, according to a report from Risk Based Security. It found that data breach numbers increased by more than 50% and that the amount of exposed data increased by roughly the same number.
All this comes after the number of data breaches held steady during the previous two years.
More than 1,300 data leaks occurred during the first 6 months of 2019. Most of these exposed both email addresses and passwords. While these occurrences were relatively small — with less than 250 records exposed per breach — they have led to a large amount of valuable user data being exposed online.
According to the report, the first half of 2019 saw more than 4 billion records exposed, wherein the same period in 2018 saw less than 3 billion records exposed. The report further indicated that 8 data breaches alone during the first half of 2019 accounted for more than 3 billion records exposed, which is nearly 80% of the total amount of records exposed. Out of these 8 breaches, 3 are considered among the biggest ever.
Out of the top 8 data breaches, 6 were related to misconfigured web applications and databases. These breaches occurred at the following organizations:
- Justdial: 100 million records exposed
- An unnamed Chinese company: 202 million records
- An unnamed Indian company: 275 million records
- Cultura Colectiva: 540 million records
- First American Financial: 885 million records
- Verifications.io: 982 million records
The report further found that nearly 80% of all data breaches occurring during the first half of 2019 were web-based. Only two of the top 8 breaches were not web-based.
But the news was not all bad. While the number of data breaches occurring during the first half of the year were larger than ever before, most of them had a low or moderate severity score, and they exposed less than 10,000 records.
The largest type of data records exposed in the breaches were email addresses and passwords. These types of data were present in the vast majority of data breaches. The report says that these types of data can not only be manipulated by hackers but that hackers could also use them for what is known as credential stuffing.
Data that experts believe is far more valuable was exposed far less. These types of data include physical addresses, Social Security numbers and credit card information, and they were present in only about 10% of breaches. Accounts numbers, which is another important piece of user data, were found in about the same percentage of breaches.