Over the course of last year, security firm Risk Based Security reported 5,207 data breaches that exposed some 7.89 billion records. The five largest breaches alone exposed 5.7 billion (72.2%) of all records.
The United States experienced nearly 45% (2,330) of all breaches but finished behind China in the number of exposed records with 2.32 billion to China’s 3.82 billion. On a percentage basis, more than half (52%) of all exposed records were the result of Chinese data breaches.
China suffered just 27 data breaches last year to rank seventh in the world, but the median number of records exposed in those incidents ran to nearly 11.75 million per breach. The U.S. median per breach was just 1,458.
Inga Goddijn, executive vice president at Risk Based Security, said:
The level of breach activity this year was disheartening. We knew things were off to a bad start once the phishing season for W-2 data kicked into high gear. But by the time April 18th came and went, breach disclosures leveled off and we went into summer hopeful the worst was behind us. Unfortunately, that wasn’t the case.
The security firm also noted that of 3,904 breaches with a confirmed discovery method, only 728 (18.6%) were discovered by the organization responsible for protecting the data. Goddijn commented:
We’re seeing a lot of interest in calling out organizations that mishandle sensitive data. Several of the security researchers that are actively engaged in searching for exposed datasets are no longer willing to keep their findings confidential. Likewise, more individuals are calling out breaches when they discover their own data is exposed.
According to Risk Based Security, four of the five largest breaches of all time occurred last year, and the largest only missed being included in the 2017 total by about two weeks. Here are the five biggest breaches ever:
- Yahoo: United States; 3.0 billion exposed records
- DU Caller: China; 2.0 billion exposed records
- River City Media: United States; 1.3 billion exposed records
- NetEase (dba 163.com): China; 1.2 billion exposed records
- Unknown organization: Netherlands; 711 million exposed records.
The Risk Based Security report offers more details and information on last year’s data breaches. The report also contains a list of the 20 largest data breaches of all time.