As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though they are becoming more commonplace.

In fact, the 2019 Data Risk Report found that companies still keep thousands of files unprotected and open for anyone inside the company to access. Let’s take a look back at some of the most impactful and damaging data breaches statistics on record and take a deep dive into the origin of data breaches.

We’ve compiled 107 data breach statistics for 2020 that also cover types of data breaches, industry-specific stats, risks, costs, as well as data breach defense and prevention resources. Hopefully, this will help organizations understand the importance of data security and how to better allocate their security budgets.

For more in-depth security insights check out our data breach whitepapers.

What is a Data Breach?

A data breach is any incident where confidential or sensitive information has been accessed without permission. Breaches are the result of a cyberattack where criminals gain unauthorized access to a computer system or network and steal the private, sensitive, or confidential personal and financial data of the customers or users contained within.

The U.S. Department of Justice defines a breach as “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.”

Common cyber attacks used in data breaches are:

The Origin of Data Breaches

Although data breaches seem more prevalent nowadays due to cloud computing and increased digital storage, they have existed as long as companies have maintained confidential information and private records. However, publicly disclosed data breaches increased in frequency in the 1980s and awareness of data breaches grew in the early 2000s.

According to the Office of Inadequate Security website, in 1984 the global credit information corporation known as TRW (now called Experian) was hacked and 90 million records were stolen. In 1986, 16 million records were stolen from Revenue Canada.

Most public information on data breaches only dates back to 2005. In 2019, surveys showed that over half of Americans were concerned about data breaches in the healthcare industry, making data security a top concern for consumers and companies. Data breaches today tend to impact millions of consumers in just one attack on a company.

In a recent data breach literacy survey that ran in October 2019, Varonis found that 64% of Americans have never checked to see if they were affected by any major data breach. 56% said they wouldn’t know what to do if their information was involved in a data breach.

How Do Data Breaches Occur?

A data breach occurs when a cybercriminal infiltrates a data source and extracts confidential information. This can be done by accessing a computer or network to steal local files or by bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive of files and human error. The most common cyber attacks used in data breaches are outlined below.

Ransomware

Ransomware is software that gains access to and locks down access to vital data. Files and systems are locked down and a fee is demanded commonly in the form of cryptocurrency.

Common Target: Enterprise companies and businesses

Malware

Malware, commonly referred to as “malicious software,” is a term that describes any program or code that harmfully probes systems. The malware is designed to harm your computer or software and commonly masquerades as a warning against harmful software. The “warning” attempts to convince users to download varying types of software, and while it does not damage the physical hardware of systems, it can steal, encrypt or hijack computer functions.

Malware can penetrate your computer when you are navigating hacked websites, downloading infected files or opening emails from a device that lacks anti-malware security.

Common Target: Individuals and businesses

Phishing

Phishing scams are one of the most common ways hackers gain access to sensitive or confidential information. Phishing involves sending fraudulent emails that appear to be from a reputable company, with the goal of deceiving recipients into either clicking on a malicious link or downloading an infected attachment, usually to steal financial or confidential information.

Common Target: Individuals and businesses

Denial of Service (DoS)

Denial of Service is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. It is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Common Target: Sites or services hosted on high-profile web servers such as banks

Historical Data Breach Statistics

Over the past 10 years, there have been 300 data breaches involving the theft of 100,000 or more records. - Forbes

Some of the biggest data breaches recorded in history were from 2005 or later. Once governments and businesses moved from paper to digital, data breaches became more commonplace.

In 2005 alone there were 136 data breaches reported by the Privacy Rights Clearinghouseand more than 4,500 data breaches have been made public since then. However, it is fair to believe the actual number of data breaches is likely higher since some of the data breaches that the  Privacy Rights Clearinghouse reports on have unknown numbers of compromised records. The 2014 Verizon Data Breach Investigation alone reported on 2,100 data breaches where 700 million records were exposed.

Below we have provided a list of data breach statistics that led up to and launched the age of data infiltration.

  1. The first computer virus, known as “The Creeper,” was discovered in the early 1970s (History of Information).
  2. In 2005 the Privacy Rights Clearinghouse began its chronology of data breaches (Symantec).
  3. 2005 is the year the first data breach (DSW Shoe Warehouse) exposed more than 1 million records (Symantec).
  4. The largest insider attack occurred from 1976 to 2006 when Greg Chung of Boeing stole $2 billion worth of aerospace documents and gave them to China (NBC).
  5. AOL was the first victim of phishing attacks in 1996 (Phishing).
  6. As of 2015, 25% of global data required security but was not protected (Statista).
  7. In 2017, one of the three major U.S. credit reporting agencies Equifax exposed 145.5 million accounts including names, Social Security numbers, dates of birth, addresses, and, in some cases, driver’s license numbers of American consumers (Symantec).
  8. Social media data breaches accounted for 56% of data breaches in the first half of 2018 (IT Web).
  9. Over the past 10 years, there have been 300 data breaches involving the theft of 100,000 or more records (Forbes).
  10. The United States saw 1,244 data breaches in 2018 and had 446.5 million exposed records (Statista).
  11. Data breaches exposed 4.1 billion records in the first six months of 2019 (Forbes).
  12. As of 2019, cyber-attacks are considered among the top five risks to global stability (World Economic Forum).

Largest Data Breaches in History + Other Examples

Yahoo holds the record for the largest data breach of all time with 3 billion compromised accounts. -Statista

Data breaches are becoming more and more common and some of the most recent data breaches have been the largest on record to date. Here’s a look at the largest data breaches in history.

  1. Yahoo holds the record for the largest data breach of all time with 3 billion compromised accounts (Statista).
  2. In 2019, First American Financial Corp. had 885 million records exposed online including bank transactions, social security numbers and more. (Gizmodo)
  3. In 2019, Facebook had 540 million user records exposed on the Amazon cloud server (CBS).
  4. In 2018, Marriott International data breach affected roughly 500 million guests (New York Times).
  5. In 2016, for reasons of poor security, Adult Friend Finder Network was hacked exposing 412 million users private data (Zero Day).
  6. Experian-owned Court Ventures sold information directly to a Vietnamese fraudster service involving as many as 200 million records (Forbes).
  7. In 2017, data of almost 200 million voters leaked online from Deep Root Analytics (CNN).
  8. In 2014, Ebay was hacked, accessing 145 million records (Yahoo).
  9. In 2008 and 2009, Heartland Payment Systems suffered a data breach resulting in the compromise of 130 million records (Tom’s Guide).
  10. In 2007, the security breach at T.J. Maxx Companies Inc. compromised 94 million records (Information Week).
  11. In 2015, Anthem experienced a breach that compromised 80 million records (Anthem).
  12. In 2013, Target confirmed a breach that compromised 70 million records (KrebsOnSecurity).

Recent Data Breaches + Statistics

On March 21, 2019, Facebook admitted that since 2012 it has not properly secured the passwords of as many as 600 million users. - IdentityForce

With 2,013 confirmed data breaches in 2019, we’ve outlined some of the most recent and impactful security breaches of the year. This data indicates the recency and widespread impact data breaches are having on compromising sensitive information.

  1. On January 16, 2019, a flaw within the popular video game Fortnite exposed players to being hacked. The game has 200 million users worldwide, 80 million of whom are active each month (IdentityForce).
  2. On March 21, 2019, Facebook admitted that since 2012 it has not properly secured the passwords of as many as 600 million users (IdentityForce).
  3.  On April 2, 2019, personal information of current and former faculty, students, staff and student applicants of Georgia Tech was accessed by a hacker through a central database. The database affected by the breach contained names, addresses, Social Security Numbers and birth dates of 1.3 million individuals and was the university’s second breach in less than a year (IdentityForce).
  4. Microsoft admitted a data breach of its non-corporate email services. The breach, which lasted from January 1 to March 28, 2019, allowed hackers to access email accounts by misusing Microsoft’s customer support portal (IdentityForce).
  5. On May 20, 2019, more than 49 million Instagram influencers, celebrities, and brands had their private contact information exposed after an India-based social media marketing company left the data unprotected on an Amazon Web Services database (IdentityForce).
  6. On September 27th, 2019 food delivery service DoorDash confirmed a data breach through a third party vendor exposing the information of 4.9 million customers, delivery workers, and merchants (IdentityForce).
    1. 7.5 million users on Adobe Creative Cloud was exposed due to an unprotected online database (IdentityForce).
    2. On December 19, 2019, over 267 million Facebook usernames, Facebook IDs, and phone numbers were exposed (IdentityForce).On October 26, 2019, the account information of

Data Breach By The Numbers…

Read The Full Article

Leave a Reply

Check Also

Mandatory Privacy-Breach Reporting Coming to B.C. Public Sector

As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to repor…