The number of data breaches resulting in exposed records is up by 54% year over year in the first half of 2019, and the number of records exposed in those breaches is up by 52%. More than 3,800 data breaches were reported in the first six months of this year, and just eight of those exposed more than 3.2 billion records, nearly 80% of all records exposed so far in 2019.
In the first three months of 2019, some 1.9 billion records were exposed in 1,903 recorded data breaches, implying that 1.4 billion records were exposed in the second quarter. There were three breaches in the first quarter and five in the second that resulted in the exposure of 100 million or more records each, according to Risk Based Security, the research and security firm that issued its 2019 Midyear Quickview Data Breach Report Thursday morning. All told, those eight breaches exposed 3.2 billion records.
The business sector was responsible for nearly 85% of the exposed records and two-thirds of the reported breaches. The largest involved the first-quarter release of nearly a billion names, email addresses and other personally identifiable information from Verifications.io, a firm that verifies or approves email addresses for third-party customers. The leaked records were the result of leaving a database unsecured and accessible to just about anyone who wanted a peek. The good news is that no passwords or Social Security numbers were included in the breached data.
The second-largest breach so far in 2019 was the second-quarter exposure of personal data in 885 million records related to real estate transactions at First American Financial. The third-largest involved 540 million Facebook users’ data exposed due to a misconfigured database managed by Mexico-based Cultura Colectiva. All three are among the top 10 breaches of all time based on the number of records exposed.
Inga Goddijn, executive vice president and head of Cyber Risk Analytics at Risk Based Security, said:
"Quarter after quarter the pattern has repeated itself. The vast majority of incidents are attributable to malicious actors outside an organization. Unauthorized access of systems or services, skimmers and exposure of sensitive data on the Internet have been the top three breach types since January of 2018. However, insider actions, both malicious and accidental, have driven the number of records exposed."
Risk Based Security noted more than 1,300 leaks in the first half of 2019 exposing email addresses and passwords. The average number of records lost per leak was just 230. But those records remain high-value targets for hackers: 70% of data types exposed in the first half of this year were email addresses and 64% were email passwords.
Web-based breaches, primarily the result of leaving databases accessible to third parties and failing to protect them, accounted for just 149 breaches in the first six months of this year and more than 3.2 billion breached records.