Over the course of 2018, security firm Risk Based Security reported 6,515 data breaches that exposed more than 5 billion records. Year over year, the total number of breaches slipped by 3.2% and the number of exposed records fell by 35.9%.
The 12 largest breaches alone accounted for 74% of all exposed records. Each of those dozen incidents exposed more than 100 million records.
The United States experienced nearly 35% (2,264) of all breaches, far more than any other country, and also recorded the highest number of exposed records with 2.26 billion (44.4% of the year’s total). The United Kingdom suffered 144 data breaches that exposed 19.6 million records, while Canada posted the third highest number of breaches with 112.
India recorded 82 data breaches and the second-highest number of exposed records with 1.28 billion. China suffered just 12, but the median number of records exposed in those incidents ran to 10 million per breach and the total number of exposed records came to 332.5 million, the third-highest total in the world.
Inga Goddijn, executive vice president at Risk Based Security, said:
It’s been an unusual year for breach activity. We’ve been monitoring breach events for more than a dozen years now and this is the first time we’ve observed a slow start to the year followed by a growing number of disclosures as the months pass. We suspect various factors including the allure of crypto mining had an impact on breach activity early in the year, but disclosures rebounded throughout the summer and into the last quarter.
The security firm also noted that of 5,149 breaches with a confirmed discovery method, only 680 (13.2%) were discovered by the organization responsible for protecting the data. The average number of days between discovery and disclosure rose from 48.6 in 2017 to 49.6 last year. That additional delay surprised the researchers who expected that the new GDPR Â reporting rules would shorten the time between discovery and public disclosure.
Facebook Inc. (NASDAQ: FB) logged two of 2018’s 10 breaches revealing the most records (117 million in total), although the largest worldwide breach was the exposure of some 1.1 billion records in India in a single incident. Under Armour Inc. (NYSE: UAA) exposed 150 million records of users of its MyFitnessPal app, and hotel and resort operator Marriott International Inc. (NYSE: MAR) discovered a leak of some 383 million loyalty program members’ records that had been occurring since 2014.
Email addresses were exposed in 61% of the breaches, more than any other data type, with passwords a close second at 57%. Social Security numbers were exposed in about 14% of the incidents and credit card numbers were revealed in about 12%.
Goddijn commented:
The number of records exposed did come down about 36% compared to last year and while the number of breaches is still quite high, we did not see a repeat of widespread events like WannaCry and Petya/NotPetya. After year upon year of bad news, we’ll take improvement where it can be found.
The Risk Based Security report offers more details and information on last year’s data breaches. The report also contains a list of the 20 largest data breaches of all time.
24/7 Wall St.Sponsored: Attention Savvy Investors: Speak to 3 Financial Experts – FREE
Ever wanted an extra set of eyes on an investment you’re considering? Now you can speak with up to 3 financial experts in your area for FREE. By simply
clicking here you can begin to match with financial professionals who can help guide you through the financial decisions you’re making. And the best part? The first conversation with them is free.
Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Editors' Picks
