Digital Transactions Authoritative, insightful and timely information for payments professionals
The year 2019 is shaping up to be the worst year yet for data breaches, according to a recent report from Risk Based Security Inc. Through the year’s first half, 3,813 breaches were reported, up 54% from a year earlier. Those breaches exposed more than 4.1 billion consumer records, up 52% from 2018.
Long-term data confirm 2019 is on a record-setting pace, according to Risk Based Security, a Richmond, Va.-based analytics and consulting firm specializing in data protection. Through June, the number of breaches is about 50% higher than for the same period in each of the last four years.
The bulk of records exposed during 2019’s first six months came from eight breaches that collectively exposed more than 3.2 billion records, or 78.6% of the total, Risk Based Security says. The biggest originated with Verifications.io, a provider of email-verification services, which exposed 982.9 million records that included email addresses, names, and other personal data. Credit cards accounted for 11% of the data exposed through mid-year, down from 16% in 2018 and 19% in 2017.
While hacking remains the leading culprit, accounting for 82% of reported breaches, breaches via the Web exposed the most records, accounting for 79% of compromised records, the report says.
Risk Based Security compiled the report from information gathered through automated Internet searches and by its staff.
While hackers tend to avoid banks, card issuers, and payment processors because of their usually strong cybersecurity, merchants remain a prime target because of the access they have to cardholder data within their systems, says Inga Goddijn, executive vice president at Risk Based Security. Through the first half of the year retailers reported 199 breaches. Only the health-care sector suffered more, with 224.
“Retailers, online retailers, and gas stations remain prized targets because they accept credit cards,” Goddijn, who wrote the report, tells Digital Transactions News. “While they are aware of the risk, they don’t necessarily have unlimited resources to apply to cybersecurity like other businesses.”
Driving the growing threat of breaches is cybercriminals’ interest in user credentials, such as usernames and passwords. The biggest vulnerability for any business housing personal consumer data is when employees fail to properly secure or handle that data, Risk Based Security says. Of the more than 3,800 breaches reported so far, 149 exposed more than 3.2 billion consumer records due to misconfigured databases and services, according to the report.
Of the 8% of breaches or data attacks that were attributable to insiders, 58% were deemed accidental circumstances or internal security errors and 12% were due to malicious circumstances, with exact causes of the rest unknown.
Besides, cybercriminals are constantly probing security systems looking for weak spots, which puts even more pressure on IT professionals to stay ahead of the curve, says Goddijn.
“There is so much complexity to information technology when it comes to defending the system that no one is immune,” Goddijn says. “But the thing is, hackers only have to be right once, whereas security has to be right all the time.”
Given the explosion of breaches during the first half of 2019 and the high number of records exposed, risk awareness alone is not enough to stem the threat. Instead, businesses will need to step up their cybersecurity efforts.
“What’s clear, is that despite the awareness of the issue among business leaders and the best efforts of defenders, data breaches continue to take place at an alarming rate,” Goddijn says. “Once again, we are on track for another worst year on record for breach activity.”
