Today, Gemalto can reveal that 707 million data records were compromised worldwide as a result of 1,673 data breaches, in its 2015 Breach Level Index (BLI) – more than 3.6 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches.
While it is no surprise that theft of identities and personal information retains top spot, accounting for 53% of data breaches; healthcare and government have overtaken retail as most-targeted sectors. The BLI highlighted that the government sector accounted for 43% of compromised data records, up 476% from 2014 due to several very large data breaches in the United States and Turkey, and 16% of all data breaches. The healthcare sector accounted for 19% of total records compromised and 23% of all data breaches. While retail sector saw a major drop (93%) in the number of stolen data records compared to the same period last year, accounting for just 6% of stolen records and 10% of the total number of breaches in 2015. The financial services sector also saw a nearly 99% drop, representing just 0.1% of compromised data records and 15% of the total number of breaches.
“In 2014, consumers may have been concerned about having their credit card numbers stolen, but there are built-in protections to limit the financial risks,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “However, in 2015 criminals shifted to attacks on personal information and identity theft, which are much harder to remediate once they are stolen. As companies and devices collect ever-increasing amounts of customer information and as consumers’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data. If consumers’ entire personal data and identities are being co-opted again and again by cyber thieves, trust will increasingly become the centerpiece in the calculus of which companies they do business with.”
“It is important to keep in mind that not all breaches are equal in terms of the level of severity and damage that they can bring for companies and their customers,” added Hart. “Even if a breach occurs, it can be a secure breach if the right security technologies, such as encryption, are properly in place to protect the most important and sensitive data. Unfortunately, this year there were several major breaches involving personal data and identities that were not encrypted when they should have been.
“The Breach Level Index is designed to serve as a guide for security professionals as they navigate the widening threat landscape. It provides CIOs and CSOs with the data they need to better classify breaches, conduct internal risk assessment and planning, and most importantly employ the right security technologies to help ensure that if a breach were to occur their high value and most sensitive data would not be compromised,” concluded Hart.
For a full summary of data breach incidents by industry, source, type and geographic region, download the 2015 Breach Level Index Report.