There was good news and bad news on data breaches in 2017. First the good news: the number of data breaches reported fell by 11% year over year to 1,765. The bad news is that more data records were compromised than in any other year.
According to Netherlands-based security firm Gemalto, more than 2.6 billion records were breached in 2017, which breaks down to 7.1 million lost records every day, nearly 300,000 every hour, nearly 5,000 every minute and 82 every second.
The five largest data breaches of 2017 were experienced by River City Media (1.34 billion email addresses); Deep Root Analytics (198 million records); Equifax (147.7 million records); Alteryx (120 million records); and Center for Election Systems at Kennesaw State University (7.5 million records). Four of the five were categorized as identity theft breaches — the exception was the River City Media breach.
Identity theft remains the most common type of data breach (69% or 1,222 incidents) and malicious outsiders were the leading source of data breaches (72% or 1,269 incidents).
Gemalto maintains a database of worldwide data breaches including the number of breaches, number of data records lost or stolen, and data breaches by the source of the breach, type of breach, industry and country or region. From the Breach Level Index database, the firm assigns a score based on the number of records breached, the source of the breach and how thieves used the data.
The biggest breach in 2017 exposed 1.34 billion records when an email marketing firm named River City Media failed properly to protect backups of its billion email accounts, resulting in the exposed data. Gemalto categorized this as a nuisance breach because River City Media is a well-known spammer that sends out as many as a billion emails a day.
The largest identity theft breach occurred when an outside contractor to the U.S. Republican National Committee accidentally exposed personal data of 198 million U.S. voters by misconfiguring an Amazon Web Services publicly available cloud server.
Excluding the massive data breach at River City Media, the sector with the greatest number of exposed records globally was government, with more than 1.3 billion, followed by nearly 405 million exposed by tech firms, about 236 million exposed by financial firms, 34.5 million by entertainment firms, nearly 34 million by health care organizations and 33.4 million by educational groups.
Of the 1,765 total incidents Gemalto recorded, 86% (1,514) occurred in North America with 1,453 in the United States alone. The United Kingdom with 80 incidents and Canada with 59 ranked second and third for number of breaches.
The full report is available from the Gemalto website.