The number of publicly reported data breaches fell by nearly half year over year in 2020. However, the number of records compromised rose by 141% to more than 37 billion, the highest total since 2005, the year that Risk Based Security (RBS) began tracking data breaches.
RBS reported a total of 3,932 data breaches last year, five of which resulted in the exposure of more than a billion records each. More than 30.4 billion records (82% of the total for the year) were compromised in just those five breaches.
Although RBS did not identify the largest breaches by name, it is likely that the largest involved more than 11 billion records leaked from a database that stored records on tens of millions of users of CAM4, a live streaming site for adult content, according to a report at Infosecurity. A similar leak at French newspaper Le Figaro exposed more than 7 billion records. Both leaks came from misconfigured Elasticsearch cloud database servers, and both were reported in May of last year.
According to RBS, the sector most often victimized last year was health care. More than 12% of all data breaches occurred at health care providers. The sector had been the second-most breached in both 2018 and 2019, and the COVID-19 pandemic likely pushed sector breaches to the top spot. As RBS noted, “Taking to heart the saying ‘never let a good crisis go to waste’, attackers understood and capitalized on the stress the pandemic placed on the industry by setting their sights on hospitals, health care systems, and pharmaceutical companies.”
RBS Executive Vice President Inga Goddjin noted that “ransomware coupled with data theft has been the leading story of 2020.” Year over year, ransomware attacks doubled to a total of 676 last year, while the number of breaches that exposed payment card details fell by nearly half. RBS speculates:
[T]here are a limited number of malicious actors with the skills and perseverance to engage in the type of attacks that can result in meaningful monetary returns. It is our belief some operators that once pursued sensitive data to sell on the black market have pivoted to more lucrative extortion schemes.”
One of the skilled attackers or attack groups is known as ShinyHunters. The person or group pilfered more than 550 million user records last year and capped the thievery in the fourth quarter by compromising 17 databases and stealing nearly 130 million records in just five weeks.
The headline-grabbing hacker group that penetrated security providers SolarWinds, FireEye and Malwarebytes, along with Microsoft Office 365, was just one among many attackers focused on email addresses from education, government and military domains (i.e., .edu, .gov and .mil). All told, more than 400 million email addresses were exposed from companies listed among the S&P 100, along with more than 14,000 email addresses from the IT/cybersecurity sector and more than 150,000 government and military addresses.