- The Washington Times - Wednesday, March 29, 2017

Upwards of 1.4 billion records were compromised during the last calendar year, researchers said Tuesday, indicating an 86 percent increase over 2015.

A total of 1,792 separate breaches were reported worldwide in 2016, according to the annual Breach Level Index published Tuesday by Gemalto, a Dutch digital security company, in turn affecting the integrity of over 1.38 billion different records.

The nearly 1.4 billion figure, when broken down averages out to roughly 3.8 million records becoming compromised each day during 2016, or about 44 records every second.

By comparison, a relatively meager 740 million records were compromised during all of 2015, according to Gemalto.

Hackers, cybercriminals and other malicious outsiders were responsible for just over two-thirds of last year’s data breaches, while accidental loss and insider threats were ranked second and third respectively, Gemalto said.

The healthcare industry suffered 28 percent of all reported breaches in 2016, the report added, notwithstanding a spike in attacks against other sectors as well.

The number of records compromised in attacks against financial services victims went from 1.1 million in 2015 to 13.3 million in 2016, according to Gemalto, indicating a surge of 1,070 percent. The number of breaches suffered by the tech sector spiked by nearly 55 percent, meanwhile, accounting for more than a tenth of last year’s reported incidents.

Jason Hart, Gemalto’s vice president and chief technology officer for data protection, said researchers who wrote the report identified several trends evidenced time and time again during the course of reviewing major security incidents reported during 2015, including the AdultFriend Finder breach that compromised 400 million records and a hack against the Philippines’ Commission on Elections.

“Hackers are casting a wider net and are using easily attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid.”

“Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organizations,” he said. “Encryption and authentication are no longer ‘best practices’ but necessities.”

• Andrew Blake can be reached at ablake@washingtontimes.com.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide