The number of data breaches resulting in exposed records reached a record total of 8.4 billion in the first quarter of 2020, even as the number of breaches fell by more than half. The total number of exposed records is greater than the number of exposed records in the first three-quarters of last year.
In all of 2019, research and data security firm Risk Based Security reported nearly 7,100 data breaches and 15.2 billion exposed records. More than 7 billion records were exposed in the final three months of last year, when just four events accounted for more than 6.5 billion of the losses.
The sharp year-over-year first-quarter decline is partly due to the COVID-19 pandemic. Inga Goddijn, executive vice president at Risk Based Security, commented:
As the virus spread, so did a decline in breach disclosures. The turmoil that the pandemic has brought has created a unique opportunity for malicious actors and a stressful environment primed for mistakes. Once the dust settles, we anticipate the number of reported breaches will be on par with, if not exceed, 2019.
The steep drop in the number of breaches reported is also partly due to the spike in the first quarter of 2019 that was nearly double the highest number of breaches in the preceding six years. Goddijn noted that similar spikes were seen in the fall of 2017 and 2018 but were missing this year.
The most common type of breach is unauthorized access to systems (aka, hacking). Of the 1,198 breaches reported in the first quarter, 819 were attributed to hacking. On average, each of those breaches exposed about 850,000 user records.
The number of records exposed due to misconfigured databases or servers averaged more than 100 million for 11 separate incidents. Overall, web disclosures accounted for 7.7 million exposed records in the first quarter.
Health care records were breached most often in the first quarter. There were 106 health care breaches, compared to 104 in the IT industry. Of the health care total, 35 data breaches occurred at hospitals.
Risk Based Security expects first-quarter results to shape larger trends for the year. For example, the large drop in disclosed breaches compared to the year-ago quarter is due to the combination of a short-term spike in breach reports in 2019 coupled with a short-term decline in breach reporting in 2020 due to the coronavirus outbreak. The firm anticipates that the effects of these brief fluctuations will moderate.