6+ billion records exposed in data breaches in first half of 2017


There have been 2,227 publicly disclosed data compromise events since the beginning of the year through June 30th, according to Risk Based Security.

While this is in keeping with the number of breaches disclosed mid-way through 2015 and 2016, the total number of records exposed topped six billion, surpassing 2016's year-end high mark for the number of records compromised.

“It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents”, said Inga Goddijn, Executive Vice President for Risk Based Security.

“Even more striking, in Q1 we had a new single largest breach disclosed [River City Media], only to be replaced by yet another all-time largest breach [DU Caller Group] in Q2.”

Another trend that has accelerated in 2017 is the targeting of tax data. The first six months of 2016 saw over 160 phishing incidents compromising W-2 data. This year the number of confirmed successful attacks increased by 25%, with more incidents still coming to light. In addition to scamming HR professionals, organizations that aggregate such data were also targeted.

A number of accounting firms and payroll service providers were breached, as was America’s Job Link Alliance, a workforce development specialist serving various state employment agencies across the United States. Vulnerable code in their service platform was exploited, resulting in the compromise of approximately 5.5 million job seekers’ names, addresses, dates of birth and Social Security numbers.

As with prior reports, the number of incidents attributed to hacking remains high, accounting for 41% of disclosed breaches. With the number of vulnerabilities reported this year on pace to exceed 2016, and over 4,000 of those vulnerabilities not covered by CVE and the National Vulnerability Database (NVD), it is tempting to attribute the high percentage of breaches from hacking to inferior or incomplete vulnerability intelligence.

Inadvertent online disclosure continues to be the leading cause of records compromised in 2017, accounting for 68% of records exposed, but only 7.1% of incidents reported so far this year.

“There are a lot of moving parts to an effective patch management program, but no matter how strong that process might be, it can be undermined when known vulnerabilities are missed simply because the organization was not aware to look for them,” Goddijn remarked.

“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity.”