The first half of 2019 has seen over 3,800 data breaches, 54% more than the whole of last year. An alarming increase reported by Risked Based Security.
Although the amount of security breaches is 30% less compared to the same time frame in 2017. Many within the cybersecurity community claim that the biggest threat comes from insider attacks, However, this recent report suggests otherwise.
89% of attacks are external, although many of these stem from "more and more sensitive data being exposed when insiders fail to properly handle or secure the information." 149 of 3,813 incidents reported so far this year resulted in the exposure of over 3.2 billion records.
Risk-Based Security also points to the dangers of placing sensitive data in the hands of third parties. The American Medical Collection Agency (AMCA) breach saw "hackers infiltrate AMCA's network and pilfered over 22 million debtors' records including data such as names, addresses, dates of birth, Social Security numbers and financial details" as a critical event.
These numbers may only show part of the picture. According to the unit chief at FBI’s Internet Crime Complaint Center (IC3), the total number of cybercrimes reported only represent 10-12% of the actual number. Imagine the stats in other countries where the internet is still an emerging technology penetrating its way into the masses.
According to the Risk-Based Security, Healthcare services are the single highest affected industry with Retail, Finance/Insurance, Public Administration, and IT rounding out the top five.
Some of the most high profile data breaches this year include:
Data for roughly 139 million users has been taken during the breach. Stolen data included details such as customer usernames, real names, email addresses and where available, city & country information. For 61 million users, password hashes were also present in the database. The passwords where hashed with the bcrypt algorithm, currently considered one of the most secure password-hashing algorithms around.
For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password. Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account.
2. Capital One
The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One. However, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company noted.
A massive data breach struck Quest Diagnostics and the information of up to 11.9 million patients were potentially compromised. Quest says that unauthorized activity took place on "AMCA's web payment page," which may suggest a card skimmer was in play.
These kinds of attacks are the specialization of Magecart, a group which has compromised British Airways, Ticketmaster, and other major brands in the past. Laboratory test results are not believed to have been compromised.