There were 3,676 publicly disclosed global data breaches in the first three quarters of 2018 that exposed more than 3.6 billion user data records. Both totals were well below last year’s 4,003 breaches and more than 7 billion exposed records.
More than 44% of the incidents occurred in the United States, while less than a third of exposed records (32.4%) occurred within the United States. The country with the largest number of exposed records in the first three quarters of the year is India (1.23 billion records).
The 1,626 reported U.S. breaches exposed 1.16 billion records, for an average of about 960,000 per breach but a median of just 1,541 per breach. China (302.5 million) and Germany (121.8 million) were the only other countries where more than 100 million records were exposed. The United Kingdom has experienced the second-largest number of breaches with 119.
The data were reported Thursday by security firm Risk Based Security. Executive Vice President Inga Goddijn said:
Despite the decrease from 2017, the overall trend continues to be more breaches and more ‘mega breaches’ impacting tens of millions, if not hundreds of millions, of records at once. … The primary difference between 2018 and 2017 is the lack of a catastrophic event like the WannaCry and Petya/NotPetya outbreaks that left an indelible mark on 2017. All it will take is another EternalBlue exploiting another widespread vulnerability to put us right back at at ‘worst year ever’ level of activity.
According to Risk Based Security, the largest reported breach in the first nine months of the year was reported by an unnamed Indian organization that exposed 1.19 billion names and unique identification numbers (Aadhaar numbers). This breach is the fifth largest of all time, according to the firm.
Four other breaches so far this year made the top 20 all-time list of breaches:
- Number 8: Swiss business software company Veeam exposed 445 million detailed customer records.
- Number 12: U.S. marketing company Exactis exposed 340 million records.
- Number 13: Social media giant Twitter exposed 336 million records.
- Number 15: Chinese hotel operator Huazhu exposed 240 million customer contact details and bank account numbers.
The U.S. state hit hardest by data breaches was California, where 152 breaches were logged and about 548 million records were exposed. In addition to California, two other states posted more than 100 million exposed records: Florida (341 million) and Maryland (151 million).
Hacking is the leading cause of data breach incidents, accounting for 57% of incidents but just 21.8% of exposed records. Fraud, which accounts for just 3.3% of incidents, is responsible for the exposure of 35.7% of all records.