Just this month it was revealed that Malaysia’s largest ever data heist saw the personal details of 46 million mobile phone subscribers stolen. Even as the nation tries to comprehend the enormity of the situation, InfoWatch has reported massive numbers of data records compromised through Data 925 confidential information leaks in the first half of this year alone. That figure is a 10% increase over H1 2016.
Over the January to June period of 2017, data leaks caused 7.78 billion personal and payment data records being compromised globally, including social security numbers, bank card details, and other critical data. This was largely in part due to 20 mega leaks (10+ million records each) that accounted for 98% of the number.
What’s causing all the data leaks?
Internal offenders caused 58% of global cases, with an average number of compromised records soaring up to 13.6M records per leak caused by external intruders (2.4M in 2016) and 4.5M records per leak by malicious insiders (0.8M in 2016).
According to InfoWatch Analyst Sergey Khayruk, since the beginning of 2017 there has been a sprawl of compromised data and damage caused by sensitive information leaks. He noted that digital economy development makes cybersecurity move beyond its own sector and become a topic of discussion at the highest possible level.
“An increasingly better understanding of data leaks should contribute to overall information security awareness, even in Russia, where affected organizations are starting to assess damage caused by a particular leak. To minimize these risks, enterprises need an integrated approach to cybersecurity, including tools for protection against internal and external threats,” said Khayruk.
The share of data leaks associated with unauthorized data access (abuse of access privileges and internal espionage) are less than 8% of all cases, while unskilled leaks unrelated to the abuse of access privileges or data fraud are recorded in 84% of cases.
Compared to H1 2016, the reporting period saw more leaks through the network channel and email and fewer leaks through equipment loss/theft, removable media, and paper documents.
The most marketable payment details mostly leaked via browsers or cloud storage (45%) and corporate email (44%).
Data leaks were detected most often in healthcare and least often in manufacturing and transport sectors. Hi-tech companies, including online services and major portals, recorded the largest volume of compromised data, while 16% of all compromised records leaked from government authorities.
Over the reporting period, criminals were mostly interested in banking and high-tech sectors, where more than a half of the personal data leaks were of malicious nature.
“Commercial and governmental services operate an ever-growing volume of electronic and therefore extremely marketable data. Both high-tech and financial sectors are very exposed to data leaks and extremely attractive to intruders, with the majority of data being compromised there maliciously. At the same time, these very sectors drive digital economy, which, as it evolves, requires better regulation and cybersecurity for digital transformation processes,” he concluded.