Data breaches can’t seem to be stopped. In spite of increased media publicist and tighter data security laws, users’ personal data is more exposed than ever, according to Gemalto’s new security report for the first half of 2017.
A total of 1.9 billion data records were exposed in the first six months of 2017, compared to 721 million in the second half of 2016. The number of breaches themselves also shot up to 918, compared to 816 during the previous period.
However, most of these breaches have been categorised as ‘nuisance’ breaches, where no significant risk nor damage occurred to the affected individuals.
Who’s to Blame?
River City Media took the dubious crown for most records leaked: Over 1.3bn records were potentially leaked after the marketing company failed to safeguard its backups. Just the fact that a single company has amassed so much data is worrying, let alone witnessing a breach.
The most unpleasant leak on their list, we feel, is the NHS leak, where patient records of 26 million individuals were accidentally exposed for all healthcare workers to see. The programming error allowed most pharmacies and healthcare organisations access to confidential data.
The Deep Root Analytics – Republican National Convention leak also deserves a (dis)honourable mention. Personal details of roughly 198 million American voters were leaked when the company stored 1.1 terabytes of data on a cloud server, all without password protection.
Malicious outsiders still account for three quarters of the breaches. About one fifth were accidents, whereas eight percent are the result of malicious insiders. The amount of records leaked by the latter is sharply on the rise.
Worryingly, about a half of all breaches reported were identity theft type breaches. They are risky because crimes can be committed in that person’s name – along with emptied bank accounts and maxed out credit cards.
Outsiders are still responsible for the majority of breaches. © Gemalto
The EU Going Strong
Most of the breaches occurred in the US, which is home to 86% of the total. Only 49 occurred in the EU, which is 35% less than last year. 79% less records were exposed as well. This could be a sign of things to come, especially as the GDPR compliance efforts kick into high gear.
Of course, there’s much to improve and these numbers by and large aren’t impressive. However, at least for the EU, it’s a good step forward and it shows that sound data policies, such as the GDPR, do pay off. If we see a reduction in the next report, it is a clear sign that the GDPR has achieved much of what has been planned.
