Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

Report: Nearly 200 Million Records Compromised In Q1

More than 250 breaches were disclosed in Q1 2014, SafeNet report says.

More than 250 data breaches occurred in the first quarter of 2014, resulting in the compromise of nearly 200 million records, according to a report published this week.

According to SafeNet's "Breach Level Index," the pace of compromised data in Q1 amounted to approximately 93,000 records per hour, a 233 percent increase over the same quarter in 2013.

Interestingly, despite much discussion of retail security following breaches at Target and other retailers in Q4 2013, the retail industry accounted for just 1 percent of the records lost in Q1, and just 10 percent of the breaches. The financial industry was hit hardest during Q4, accounting for 58 percent of records lost. The technology industry accounted for 20 percent of lost records. The healthcare industry was hit hard in terms of breach events, accounting for 24 percent of all breaches, but only 9 percent of data records lost.

South Korea took the top spot of all countries with four of the top five breaches worldwide and a loss of 158 million records across a variety of industries. This represents 79 percent of the total number of reported breached records worldwide. These four breaches included the Korea Credit Bureau, Korean Medical Association, Korea Telecom, and Naver, a major Korean search portal. While the number of South Korean breached records was extremely high, the number of breach incidents in Asia/Pacific as a whole accounted for only 7 percent of the total number of global breaches, dwarfed by the 78 percent (199 incidents) that occurred in North America and 13 percent in Europe.

Malicious outsiders accounted for 156 (62 percent) of total incidents during the first quarter, compromising more than 86 million records stolen. Malicious insiders accounted for just 11 percent of total incidents, but they were much more effective, accounting for 52 percent of records stolen. Accidental loss represented 25 percent of total incidents, while hacktivist and state-sponsored attacks added up to just 2 percent of the total.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BobH088
50%
50%
BobH088,
User Rank: Apprentice
5/2/2014 | 10:53:44 AM
solution
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information.  I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/1/2014 | 5:06:08 PM
Re: Confusing description of the amount of records breached
Yes, you would think these numbers would spur some action..We'll see.
Duane T
100%
0%
Duane T,
User Rank: Apprentice
5/1/2014 | 12:13:44 PM
Confusing description of the amount of records breached
"the pace of compromised data in Q1 amounted to approximately 93,000 records per hour"

Does that mean the average was 93,000 records per hour, or that we're on pace to reach that level? I was left looking for additional follow up, as I usually see a continued "size of problem" explanation that might be even scarier "if this rate of increase continues, we'll reach 1B records" or some other scary figure.

Why does this matter? Sometimes such a summary puts the figure into a perspective that can spur action.  The previous commentor knows exactly where this goes, since 1B records would mean that every US cititzen would have their records stolen 3 times. That may or may not happen, however, this is a very possible outcome of the tread from this article. I don't know what it will take but these numbers should spur deeper and more serious thinking about security for retailers and other firms.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/1/2014 | 10:28:41 AM
Tip of the iceberg
What is amazing to me is this is just the numbers that were reported.  Many times when a breach occurs the organization covers up the incident rather than reporting it.  Other times, a breach occurs and no one notices.

To put this number into perspective, lets imagine that each of the 200 million records was a unique record for someone living in the USA.  That would mean that 63% of all Americans had a compromised record in the first quarter of this year.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...