24/7 Wall St.

The number of data breaches resulting in exposed records was up by a third year over year in the first nine months of 2019, and the number of records exposed in those breaches more than doubled. Nearly 5,200 data breaches were reported through September of this year. For the year to date, almost 8 billion records had been exposed.

In the first six months of 2019, some 4.2 billion records were exposed in 3,813 recorded data breaches, implying that 3.8 billion records were exposed in the third quarter. There were six third-quarter data breaches that resulted in the exposure of 100 million or more records, according to Risk Based Security, the research and security firm that issued its 2019 Q3 Quickview Data Breach Report Tuesday morning. Added to three breaches in the first quarter and five in the second that resulted in similarly sized exposures, 14 breaches have exposed some 6.3 billion records.

The most common type of breach is unauthorized access to systems (aka, hacking). Of all the breaches reported through September, some 3,917 were attributed to hacking attacks.

The most startling number, though, is the number of records exposed due to accidental exposures caused by misconfigured databases, backups, endpoints and services. So far in 2019, 6.76 billion records have been exposed courtesy of these errors.

Inga Goddijn, executive vice president at Risk Based Security said, “[A]s we look over the experience of 2019 what stands out is that we are often our own worst enemy. Whether it’s a phishing campaign that ultimately provides malicious actors with a toehold into systems or misconfigured databases and services that leave millions of sensitive records freely available on the internet, it seems to be human nature coupled with weak controls that contributed heavily to the number and severity of breaches we’ve seen this year.”

The business sector has been responsible for 66% of the breaches reported so far this year, followed by medical records (14% of breaches), government (12%) and education (8%).

The following map shows the economic sector by state that attracts the most attacks. Attacks on the public administration sector are most prevalent (92) but were the top targets in just a handful of states. The health care sector was attacked most in 19 states and the financial sector was the most targeted in nine states.

Source: Risk Based Security Inc.

Risk Based Security concludes that 2019 is another example of how hacking remains as the most common breach type (as it has been in each of the eight years that the firm has produced this report), how the majority of breaches come from outside an organization and how malicious actors continue searching for ways to make a fast buck: “The number of publicly disclosed events shows no sign of slowing, setting up 2019 to be another ‘worst year on record’ in terms of breach count, while the number of sensitive, confidential records exposed has already exceeded all prior years tracked.”