By the end of the second quarter this year, the number of private records exposed in data breaches already had surpassed the all-time-high full-year record set last year. In the third quarter, another 8.3 billion records were added, bringing the total number of records exposed this year to 36 billion.
At the same time that the number of records exposed soared by more than 400%, the number of breaches fell by 51%, from 6,021 in the first nine months of 2019 to 2,953 in the same period this year.
The data was reported on Thursday by cybersecurity firm RiskBased Security.
According to Executive Vice President Inga Goddijn, malicious actors have been turning their attention to lucrative ransomware attacks: “While many of these attacks are now clearly breach events, the nature of the data compromised can give some victim organizations a reprieve from reporting the incident to regulators and the public.”
RiskBased Security includes ransomware attacks in its breach reports and has counted more than 440 such breaches so far in 2020. Ransomware attacks may include clear breaches, where data is stolen, along with breaches that indicate that attackers have compromised the systems or services and could have gained access to sensitive data. Locking down a victim’s data fits into that second category.
There were 15 data breaches in the third quarter that resulted in exposing 10 million or more records. So far in 2020, there have been 51 data breaches of that magnitude. Four of the 15 breaches recorded in the third quarter involved more than 100 million records, and two that exposed more than a billion records. The quarter’s largest data breach exposed 6 billion records stored on an Elasticsearch server.
Health care institutions have been the target of 341 attacks in the first nine months of the year, with the latest making news just this week. IT firms have been targeted 306 times, and finance/insurance companies have been attacked 274 times.
Of the attacks on health care institutions, 117 have been directed at hospitals, 123 at practitioners and 71 at other health care facilities.
Ironically, perhaps, politically motivated hacking (hacktivism) has failed to generate a lot of concern this year, or what the report calls “an alarming sense of complacency among [U.S.] voters, local officials, and the media.” The report also suggests reasons for this complacency: “This could be due to general ‘breach fatigue,’ heightened focus on the mail-in voting process, or simply the overwhelming amount of newsworthy events taking place in recent weeks. It makes sense to focus on the issues that are on your doorstep, rather than those that are not as transparent.”