Data Breaches Surge in 2014 with 200 Million Data Records Stolen in First Three Months of the Year
- 233 Percent Increase Over Q1 2013
- SafeNet Breach Level Index Reveals Only 1 Percent of 254 Q1 Data Breaches Were “Secure Breaches” Using Encryption
- Four of the five worst data breaches occurred in South Korea
April 29, 2014
SafeNet, Inc., a global leader in
data protection solutions, today released the highlights from its SafeNet Breach Level
(BLI) for the first quarter of 2014. More than 200 million records were stolen,
the equivalent of approximately 93,000 records stolen every hour, between
January and March, which was an increase of 233 percent over the same time last
year. Of the 254 data breaches that occurred during the quarter, only 1 percent
were “secure breaches,” or breaches where strong encryption, key management, or
authentication solutions protected the data from being used.
The Breach Level Index provides
details about hundreds of individual data breaches, which can be sorted by
source, industry, risk level, and date. Highlights from the first quarter
than 254 data breaches were publicized, representing 200 million lost or stolen
data records. Because of the varying strictness of data breach reporting
requirements around the globe, this quarterly data does not include organizations
that didn’t disclose the amount of data records that were exposed. In all
probability, the total number is likely to be even higher.
Korea took the top spot of all countries with four of the top five breaches
worldwide and a loss of 158 million records across a variety of industries.
This represents 79 percent of the total number of reported breached records
worldwide. These four breaches included the Korea Credit Bureau, Korean Medical
Association, Korea Telecom, and Naver, a major Korean search portal. While the
number of South Korean breached records was extremely high, the number of
breach incidents in Asia Pacific as a whole accounted for only 7 percent of the
total number of global breaches, dwarfed by the 78 percent (199 incidents) that
occurred in North America and 13 percent in Europe.
financial industry was hit hardest, accounting for 56 percent of all data
records lost or stolen. However, it represented
14 percent of total breaches during the quarter.
healthcare industry was hit hard in terms of breach events, accounting for 24
percent of all breaches. However, the
industry accounted for just 9 percent of data records lost or stolen.
percent of all records lost or stolen came from the technology industry, while
retail represented just 1 percent of data records lost or stolen and 10 percent
of all data breaches, even including the Sally Beauty Supply breach, which made
and education breaches accounted for less than 1 percent of total records
stolen and 23 percent of data breaches, including the University of Maryland’s
breach of 287,000 records stolen early this year.
outsiders accounted for 156 (62 percent) of total incidents during the first
quarter, with over 86 million records stolen. Malicious insiders only accounted
for 11 percent of total incidents, but they were much more effective,
accounting for 52 percent of records stolen. Accidental loss represented 25
percent of total incidents, while hacktivist and state-sponsored attacks added
up to only 2 percent of the total.
were approximately three breaches and 2.2 million records stolen each day, and more
than 93,000 per hour.
quarterly breakdowns are available in the BLI
white noise of data breach reporting makes every breach seem just as bad as the
last, but this is certainly not the case. Some organizations are handling
customer data responsibly, and others are not. Tools like the Breach Level
Index can help companies and the public alike understand the actual severity of
breaches on a graduated scale and distinguish between these two groups,” said Tsion
Gonen, chief strategy officer, SafeNet. “In differentiating between secure and
insecure breaches, it’s important to look at which victims have protected their
data with encryption to limit the damage from a breach and render the date unusable
to cyber criminals.”
About the Breach
BLI provides a centralized, global database of data breaches and calculates
their severity based on multiple dimensions, including the type of data and the
number of records stolen, the source of the breach, and whether or not the data
was encrypted. By assigning a severity score to each breach, the BLI provides a
comparative list of breaches, distinguishing nuisances from truly impactful mega
breaches. Information populating the BLI database is based on
publicly-available breach disclosure information.
first collaborated with industry analyst firm IT-Harvest in 2013 to develop the logarithmic formula
used to determine breach severity. When calculating the severity of data
breaches, the BLI factors in multiple inputs, including data type, number of
records stolen, breach source, and if the high-value data remained secure after
the breach was discovered. These inputs are then processed through a
proprietary algorithm that produces an index number, with 1 being least severe
and 10 being most severe.
Information in the Breach Level Index is collected from public
sources. SafeNet provides this information “as-is”, makes no
representation or guaranties regarding this information, and is not liable for
any use. A secure breach is categorized as a breach in which strong encryption,
key management and authentication solutions protect the data from being
accessed during an attack.
Data Breach Breakdown for Q1 2014 blog post:
Level Index website:
the Breach website:
the Breach Manifesto:
White Paper: Categorizing Data Breach Severity with
a Breach Level Index: