Data breaches increased 49% in 2014 to 1 billion data records compromised, with cybercriminals targeting identity theft as top breach category

Gemalto, the world leader in digital security, releases the latest findings of the Breach Level Index, revealing that more than 1,500 data breaches led to one billion data records compromised worldwide during 2014. These numbers represent a 49% increase in data breaches and a 78% increase in data records that were either stolen or lost compared to 2013.

Data breaches took place all over the world in 2014, but some regions were harder hit than others. Easily at the top of the list in terms of the number of breaches was North America with 1,164 breaches, accounting for about three quarters of all breaches (76%). Those attacks involved more than 390 million records, or 38% of the total. A distant second was Europe, with 190 breaches and about 79 million records. While Asia-Pacific had fewer breaches (129), it had the most number of records compromised: 545 million, or almost half of the total for the whole year.

Among individual countries, the United States had the most data breaches, with 1,107. That accounted for 72% among all nations worldwide. Next was the United Kingdom, with 117 (8%), Canada 57 (4%), Australia 30 (2%), Israel 17 (1%) and China 17 (1%).

In terms of industries, retail and financial services experienced the most noticeable trends compared to other industry sectors in 2014. There were a total of 179 data breaches in the financial services industry, accounting for 12% of the total breaches last year. That percentage was down slightly from the year before, when it was 15%. Finance companies had 205,175,846 data records compromised, representing 20% of the total records and up from 2013. So, for the Financial Services sector, the number of data breaches remained relatively flat year over year, but the average number of records lost per breach increased ten-fold to 1.1 million from 112,000.

„Not only are data breach numbers rising, but the breaches are becoming more severe,” said Tsion Gonen, Vice-President of Strategy for Identity and Data Protection at Gemalto. „Being breached is not a question of ‘if’ but ‘when.’  Breach prevention and threat monitoring can only go so far and do not always keep the cyber criminals out. Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data. That way, if the data is stolen it is useless to the thieves.”

The Breach Level Index shows there were a variety of types of attacks and sources in 2014. While the sources of the attacks remained largely unchanged from those in 2013, the types of attacks were quite different from year to year in terms of frequency. The most common type of source were malicious outsiders, who were involved in 854 breaches, or 55% of the total. The percentage is essentially unchanged from 57% in 2013. Clearly, this is by far the biggest threat organizations face today in terms of potential loss of data.

The next type of source, responsible for about one quarter of the breaches, was accidental loss. This caused 380 of the data breaches. In 2013, accidental loss accounted for 27% of the breaches. It’s a bit perplexing that so many breaches could be caused by accident, and shows that companies need to do a better job of preventing mishaps
that can lead to data loss.

The most common type of attack was identity theft. Organizations were hit with 827 of these attacks, which accounted for more than half of the total (54%). That’s up dramatically from just 20% in 2013, which should be a concern for security operations.

Clearly they need to do more to prevent identity theft. The next most common type of attack was financial access, accounting for 261 or 17% of the breaches. That was down substantially from 50% in 2013. So these first two types of attacks basically switched places from year to year, which shows how dynamic and unpredictable the security environment can be.

„We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” added Gonen. „Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we’re starting to see that the universe of risk exposure for the average person is expanding.”
In addition to the shift toward identity theft, breaches also became more severe last year with two-thirds of the 50 most severe breaches according to their BLI score having occurred in 2014. Also, the number of data breaches involving more than 100 million compromised data records doubled compared to 2013.

For more details download Gemalto Breach Level Index – Annual Report 2014