More than 15.1 billion records were exposed in 2019 as part of the data breaches that were publicly reported, Risk Based Security reveals.
The number of exposed records registered a massive 284% spike compared to the previous year (which had 5.3 billion records exposed), and also marked a 91% increase compared to 2017 (7.95 billion records).
A total of 7.2 billion records were compromised between October 1 and December 31, 2019, with four events accounting for 93.5% of these records. All four involved open, misconfigured databases that were made publicly accessible.
The number of reported data breaches was of 7,098 last year, representing only a 1% increase compared to the 7,035 breaches reported in 2018.
However, the gap is expected to grow in the next two months, as more 2019 incidents are publicly disclosed, Risk Based Security’s 2019 Year End Data Breach QuickView Report reveals (PDF). Another 250-300 incidents are expected to be added to the list.
Sensitive data was accessible but not confirmed as stolen for 22.6% of the incidents. There were “three breaches that compromised 1 billion records or more exposed transaction logs,” but the number of impacted people is much lower than the 7.6 billion exposed records.
Of the 15.1 billion records exposed last year, 13.5 billion were compromised via the web, specifically inadvertent exposure of data online, the report reveals. Hacking exposed 1.5 billion records, while the other types of incidents combined exposed 120 million records.
Hacking, however, accounted for 5,184 of the reported data breaches, while there were only 343 web incidents reported.
“There are plenty of malicious actors ready to take advantage of any and every shortcoming or oversight. Hacking, defined as unauthorized intrusion into systems, has been the top breach type by number of incidents for every year of the past decade except for 2010,” Risk Based Security notes.
The information sector emerged as the leader in the number of data breaches, with 614 incidents, with the healthcare sector following on the second position, at 512, and finance and insurance landing on the third, with 435 incidents.
Most of the data breaches in the information sector (88%) can be attributed to software publishers, data processing and hosting services, and Internet publishing companies.
By November, more than 38 million healthcare records had been exposed in the United States, impacting 11.64% of the population, data from the U.S. Department of Health and Human Services Office for Civil Rights breach portal revealed. However, only breaches impacting more than 500 individuals are added to the portal.
A total of 368 third-party breaches were reported in 2019, exposing over 4.7 billion records, with an average number of exposed records of roughly 13 million per breach.