2020 on track to hit data breach record

Although only halfway through, this year is already on track to see more than five billion records stolen in data breaches in a single country alone; not only exceeding 2019 totals but accounting for one record per person for more than 60% of the global population.  

The findings, published in ForgeRock’s Consumer identity breach report assessed breaches impacting consumers in the UK, US, Australia and Germany in 2019 and Q1 2020, as well as providing year-over-year comparisons to breaches affecting consumers in 2018 in the US.

Full year 2019 figures for the US showed that 5.05 billion records were impacted at a cost of US$1.2 trillion, up 78.57% from 2018, which had 2.8 billion records impacted. In Q1 2020, more than 1.6 billion consumer records were impacted by breaches – demonstrating this year is on track to top 2019 figures.

The reasons could be linked to Covid-19, with phishing scams now on the rise as people isolate during global lockdowns.

The report read: “Phishing is likely to continue to be a popular attack method in 2020, as malicious agents use it to target consumers with false information on the Covid-19 pandemic. Using adaptive, context-aware authentication methods can help to combat this threat without negatively impacting the consumer experience.”

Looking at the US market by sector, technology saw the costliest impact, exceeding $250 billion for more than 1.3 billion breached records, while the health industry was the most targeted, accounting for 45% of all breaches.

Taking a global look at impacted industries (see graphic), healthcare is followed by the banking, insurance and financial sectors (12%); education: (7%); government (5%) and retail (5%).

2019 global figures – total records by industry

In the UK – where GDPR regulations have now been in place two years – mandatory breach reporting saw numbers increase almost 324.24% between May 2018 and May 2019, with the Information Commissioner’s Office (ICO) recording 14,000 breaches over the period.

What do the hackers want? Overwhelmingly it’s personally identifiable information (PII), which accounts for 98% of all data.

The report concluded: “Even the most seemingly harmless piece of data can be combined with other sources of information to result in serious compromise. Service providers should help consumers avoid providing unnecessary copies of data by adhering to the privacy principle of data minimisation.

“Additionally, they can provide users with greater transparency and control in how information is collected and used through a comprehensive consent and permissions management approach.” Advising organisations to employ a “comprehensive identity and access management solution” the report advised it is “the best approach for preventing access in cases of both internal and external threats.”

Read the latest from the Data Economy Newsroom: