Over a billion personal data records were compromised by hackers in 2014, a 78 percent increase from the previous year, according to a new report.
The latest findings of the Breach Level Index (BLI), published by digital security company Gemalto, reveal a 49 percent increase in data breaches overall. More than half of the 1,500 breaches measured were motivated by identity theft, overshadowing all other categories, including access to financial data.
The majority of data breaches, or 55 percent, occurred due to a “malicious outsider.” Accidental loss accounted for 25 percent, “malicious insiders” for 15 percent, state sponsored hacks for 4 percent, and hacktivism for only 1 percent.
One-third of the most severe breaches were also motivated by identity theft, Gemalto reported.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” said Tsion Gonen, Gemalto’s vice-president of strategy for identity and data protection.
“Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes,” he continued. “As data breaches become more personal, we’re starting to see that the universe of risk exposure for the average person is expanding.”
According to Gemalto’s data, 76 percent of records stolen in 2014 originated from North America, with the majority of those originating from the United States. Europe came in second place at only 12 percent. Asia/Pacific, the Middle East and Africa, and Latin America followed sequentially.
Not only are security breaches becoming more frequent, but they are increasing in severity as well. It’s no longer a matter of “if,” but “when,” Gemalto said.
“Companies need to adopt a data-centric view of digital threats starting with better identity and access control techniques such as multi-factor authentication and the use of encryption and key management to secure sensitive data,” added Gonen. “That way, if the data is stolen it is useless to the thieves.”
A billion wasn’t a milestone necessarily difficult to achieve. On multiple occasions, hundreds of millions of records were compromised by a single attack. An attack on the e-commerce group Alibaba, for instance, led to over 300 million compromised records; over 100 million were captured in the attack on Home Depot; roughly 145 million from eBay; and so on.
It’s a figure often difficult to imagine. To illustrate, if the records had been compromised at a rate of one per second, it would have taken the hackers approximately 30 years to achieve what they managed in 2014 alone.
Gemalto noted that only 4 percent of that attacks were secured breaches, which means attackers breached the perimeter security, but strong encryption or authentication solutions rendered the data useless.
The BLI report calculates data breaches based on disclosed information. The company notes that due to legal requirements, not all breaches are reported or publicly disclosed.