So far, 2016 hasn’t been great in terms of data breach statistics. Based on newly released findings from the Breach Level Index (BLI), there were 974 publicly disclosed data breaches in the first half of 2016, which led to the successful theft or loss of 554 million data records.
Breaking Down the H1 2016 Data Breach Statistics:
- 3.04 million records compromised every day
- 126,936 records compromised every hour
- 2,116 records compromised every minute
- 35 records compromised every second
The 554 million compromised records also represents a 31% increase from the previous six months, when 424 million records were lost or stolen.
Unknown damage from breaches
As bad as the stats above might seem, the sad truth is that this is just the tip of the iceberg.
The Breach Level Index records publicly disclosed data breaches, so that overall tally – 974 data breaches in H1 2016 – is reliable.
Unfortunately, many organizations that experienced a breach from January through June 2016 either don’t yet know the total number of impacted data records or have thus far failed to disclose the total to regulators or the general public.
In fact, in 52% of the H1 2016 data breaches, the exact number of data records were unknown.
That means that the number of compromised records the BLI was able to record thus far – 554,454,942 million data records – is the best case scenario and that particular stat will likely increase significantly as more information about the H1 2016 breaches becomes available.
Biggest targets and sources of 2016 data breaches
Cybersecurity trivia question for you: What type of data is compromised most? You might guess financial data (if you haven’t read past Breach Level Index reports or my previous posts on this subject), but “phone a friend” and guess again.
Identity theft accounted for 64% of all data breaches in H1 2016 – that’s a total of 621 incidents and theft of more than 294 million data records (53% of all records lost/stolen).
By comparison, financial access data breaches accounted for 16% of all breaches in the first six months of 2016, and account access data breaches represented 11.1%.
Existential data breaches (those involving sensitive company assets, like intellectual property) and nuisance attacks (those in which just a user name and affiliation were compromised) accounted for the remaining 5% and 4% of all cyber security incidents, respectively.
Identity theft has now been the number one type of data breach since 2013, when the Breach Level Index first began tracking these incidents. And it continues to represent a growing number of the total breaches.
And comparing H1 2016 to the same period last year, identity theft breaches have increased in prevalence by 38%.
Blame it on the hackers
With identity theft the leading type of breach, it’s unsurprising that malicious outsiders were likewise the source of 69% of the breaches in H1 2016. That’s up from 58% in 2015.
Hacktivists accounted for 3% of all H1 2016 breaches, and state sponsored attacks represented 1%. Combine those percentages with the malicious outsiders, and a headache-inducing 73% of security breach incidents originated outside of the targeted companies.
Still, that doesn’t mean that CIOs aren’t rightfully up at night worrying about threats from within. Accidental loss and malicious insiders were to blame for 18% and 9% of the total incidents.
While the accidental loss number is substantial, it’s important to note that this actually represented a 14% decline in this area compared to H2 2015 — perhaps a sign that some internal employee security measures are beginning to have a positive impact.
Data breach statistics 2016: Most impacted industries
Government data breaches in 2016
When breaches were successful in H1 2016, government was the industry that suffered the most. Over 318 million data records were lost by or stolen from agencies and other public sector entities, resulting from 137 breaches (14% of all H1 breaches) and yet accounting for 57% of all compromised records in the half.
In other words, even though breaches happen less frequently in the government space compared to other industries, cyber criminals are getting massive amounts of data when breaches do occur.
That 318 million tally already eclipses the records lost/stolen in the government sector throughout all of 2015, when this industry represented 43% of all compromised records — leading the pack then as it does now.
More than 302 million records stemmed from just three breaches, all of which were related to elections.
In two separate incidents, unsecured voter databases were discovered containing U.S. and Mexican voter information, while in the third incident Anonymous Philippines hacked the Philippines’ Commission on Elections website just a month before the Philippines was scheduled to hold its 3rd automated elections.
Healthcare data breaches in 2016
While Government took home the un-coveted trophy for most data records lost/stolen, the healthcare industry experienced the most data breaches overall in H1 2016 – 263 incidents, which adds up to 27% of all breach incidents.
While the government sector lost large the most data per breach, healthcare organizations experienced the most breaches, but accounted for only 5% of total data records compromised (30,017,528).
Why would healthcare account for the majority of breaches, but not the number of data records stolen?
The short and honest answer is I’m not sure yet. My theory – and it is just that at this point, a theory – is that there are many healthcare organizations being breached possess relatively smaller amounts of information per database for hackers to steal. (If you have your own theories, be sure to share them with us in the comments or on Twitter via @GemaltoSecurity).
Whereas we saw 150 million records compromised due to a single breach of a U.S. voter database, the top healthcare data breach in H1 2016 – in terms of records stolen – accounted for the loss of “only” 10 million records.
That particular incident involved a member of the hacktivist group Anonymous breaching the servers of Turkish hospitals and stealing patients’ medical data as well as staff records in retaliation for cyberattacks on U.S. hospitals believed to be perpetrated by Turkish hackers.
While tens of millions of compromised records is certainly better than hundreds of millions, no organization or industry wants to endure either.
It’s also important to note that the 263 healthcare breaches in H1 2016 already equals 70% of the total healthcare breaches that occurred in all of 2015 – meaning the industry is currently on track to experience more breaches year-over-year. Not a good sign.
Retail data breaches in 2016
The retail industry accounted for 102 breaches and 16.3 million compromised data records. That didn’t make this industry stand out to me, but what did grab my attention is a figure regarding the precise source of the breaches.
In 27% of the retail data breaches, fraudsters used skimming devices at gas pumps to obtain customers’ credit card information. This matches local law enforcement reports of increased credit card fraud originating from gas stations.
That’s unfortunate, but not unexpected, as gas pumps remain softer targets for thieves.
While payment networks like Visa and MasterCard are requiring merchants to support EMV chip technology, the deadline for gas stations to migrate was extended until October 2017 due to the cost and complexity of upgrading gas pumps’ payment terminals.
You can count me as one consumer that will be avoiding the “Pay Outside with Credit Card” button at gas pumps moving forward.
Additional industry breaches
- Financial data breaches:
- 12% of all breaches (118 incidents)
- 2% of records compromised (12,320,624 data records)
- Biggest breach: Mossack Fonseca; 11.5 million records compromised
- Education data breaches:
- 11% of all breaches (102 incidents)
- 1% of all records compromised (3,153,818 data records)
- Biggest breach: Indian Institute of Management – Ahmedabad (IIM-A); 2 million records compromised
- Technology data breaches:
- 9% of all breaches (90 incidents)
- 16% of all records compromised (88,586,561 data records)
- Biggest breach: Verticalscope; 45 million records compromised
- Breaches in other industries:
- 16% of all breaches (159 incidents)
- 16% of all records compromised (85,830,644 data records)
- Biggest breach: Fling.com; 40 million records compromised
H1 2016 data breaches by region
Where were all of these breaches occurring? For the most part, North America – specifically the United States.
The U.S. accounted for 728 of the 974 incidents around the globe in the first half of 2016. To put how frequently breaches occur in the U.S. compared to the rest of the world, there were 1193% more breaches in the United States compared to the second most breached nation, the United Kingdom (61 breaches).
That being said, it’s important to note that public breach disclosure laws differ greatly per region, so we have to take the disparity between North America and the rest of the world with a grain of salt.
It will be interesting to see if the EU’s General Data Protection Regulation (GDPR) will result in an increase in European companies publicly disclosing breaches in the future – thus increasing the number of breaches recorded in that region going forward.
I’m doubtful, however, that the GDPR or other breach disclosure measures on the horizon will be enough to significantly close the gap between the number of North American breaches vs. European, Middle Eastern, African or APAC breaches.
Data breach statistics 2016 summed up:
- 554 million records were lost or stolen in H1 2016
- Identity theft was the most prevalent type of breach
- Malicious outsiders accounted for the most breaches yet again
- Government was the industry with the most lost/stolen data records
- Healthcare was the most breached industry
- The U.S. was the most breached country
There’s a lot more you should know about the state of cyber security, how the various industries and regions are being impacted by breaches, and the changes required to combat breaches in the future to keep this picture from growing bleaker.
Download the full Breach Level Index H1 2016 report to learn more and visit Breachlevelindex.com to explore past and present breach data as well.