RBS Releases Report on Data Breach Statistics in 2017

A report covering data breaches in 2017 has recently been released by Risk Based Security (RBS). The report revealed there has been a 305% increase in the number of records exposed in data breaches compared to 2016.

RBS- a provider of real time information and risk analysis tools-analyzed breach reports from the first 9 months of 2017 in the report. In a recent blog post on the company website, it was explained that 2017 has been “yet another ‘worst year ever’ for data breaches.”

In the third quarter of 2017, the report stated that there were 1,465 data breaches reported. This brings the total number of publicly disclosed data breaches up to 3,833 incidents for the year. In total, more than 7 billion records have been exposed or stolen because of these breaches.

RBS reports there has been a steady rise in publicly disclosed data breaches since the end of May. The figures show September to be the worst month of the year; more than 600 data breaches were disclosed in September alone.

Over the past five years, several different reports have shown a notable steady rise in reported data breaches. In 2013, there were 1,966 data breaches reported data breaches. This is nearly half of the figure for 2017, at 3,833. The number of reported data breaches has increased by 18.2% per year between 2013 and 2017.

Alongside the quantity, the severity of data breaches has also increased. In 2016, 2.3 billion records were exposed in the first 9 months of the year. In 2017, the figure jumped to 7.09 billion; a factor of three increase between years.

Most of the exposed records in 2017 came from just five breaches. These breaches exposed approximately 78.5% of all the records exposed so far in 2017, with nearly 5.5 billion documents released.

The breach at DU Caller exposed 2,000,000,000 records, and the River City Media breach saw 1,374,159,612 records exposed. An web breach of an unnamed organisation exposed 711,000,000 records, and the EmailCar breach saw 267,000,000 records exposed.
These breaches all rank within the top ten data breaches of all time, ranking as the 2nd, 3rd,  4th, and 9th worst data breaches of all time respectively. Except for one breach in 2014, all the top ten data breaches of all time have been discovered in 2016 (4) and 2017 (5).

While the above breaches involved the most records, the most severe data breach of the year to date was the breach at Equifax. This breach exposed the records of 145,500,000 individuals, and while it only ranks in 18th place in the list of the worst data breaches of all time by quantity, RBS rates it as the most severe data breach of 2017 due to the nature of data obtained by the hackers.

By far, the main cause of 2017 data breaches, was hacking. Nearly 2,000 data breaches were due to hacks, while 433 breaches were due to skimming, phishing was behind 290 breaches, viruses caused 256 breaches, and 206 breaches were due to web attacks. RBS reports that there have been 69 data breaches reported in 2017 that involved the exposure or more than a million records.

Web attacks may have come in at fifth place in terms of the number of breaches, but the attacks resulted in the greatest number of exposed records – 68.5% of the total. Hacking only accounted for 30.9% of exposed records despite being the most prevalent cause of breaches.

The business sector has been worst affected by data breaches in 2017, accounting for 68.5% of the total, followed by ‘unknown’ sector with 12.6%. Medical data breaches were in third place accounting for 8.5% of the total.