The amount of data leaked due to data breaches surged to a whopping 36 billion in the first three quarters of 2020, twice the number of records leaked in 2019.  Around 21% of data breaches involved ransomware, research from cyber risk analytics firm Risk Based Security finds.
The number of data records exposed in breaches this year is well past the numbers recorded in 2019, a report by Risk Based Security reveals. The cyber risk analytics provider found that a whopping 36 billion data records were exposed online by the end of Q3 2020. The 2020 Q3 Data Breach QuickView ReportOpens a new window reveals that it took only three quarters for hackers in 2020 to expose more data records, twice the number of records exposed in 2019.
There were 2,953 publicly reported breaches in the first three quarters of 2020 versus 1447 recorded by the end of Q3 in 2019. In Q3 alone, two breaches exposed one billion data records each. When put together, just eight breaches from Q3 2020 accounted for over 22% of exposed data breaches.
See Also: Over 10 Billion Data Records Are Vulnerable to Breaches: NordPass
Number Of Records Lost (In Millions) Reported By Q3 Each Year
Source: Risk Based Security
Number Of Breaches Reported By Q3 Each Year
Source: Risk Based Security
Major Causes of Data BreachÂ
Unsurprisingly, the number one cause of all breaches is malicious actors, causing 77.5% (2290) of all breaches in Q3. Approximately 17% (498) of all breaches originated from within an organization while the remaining 5.5% were caused by unknown factors.Â
A further drill-down of breach data shows that 69% of internally caused breaches occurred due to errors like misconfigured databases and accidents.
Number of Breaches By Attack Vector
Source: Risk based Security
See Also: Law Firm Data Breach Exposes Google Employees’ Personal Information
Though improved cloud, database configuration practices go a long way in hardening the security posture of an organization, threats posed by malicious actors is the biggest concern. Inga GoddijnOpens a new window , Executive Vice President at Risk Based Security believes ransomware was a leading cause of data breaches in 2020. Around 21% of reported breaches involved the use of ransomware.
But what about the unreported ones? The rate of publicly disclosed data breach events by the end of September 2020 (Q3) is nearly 50%.
Goddijn said, “While many of these attacks are now clearly breach events, the nature of the data compromised can give some victim organizations a reprieve from reporting the incident to regulators and the public. After all, while the compromised data may be sensitive to the target organization, unless it contains a sufficient amount of personal data to trigger a notification obligation the event can go unreported.â€
Goddijn believes in the backdrop of the 2020 US election, the cybersecurity industry as a whole appears to be less focused on tackling hacktivism than it did in 2016. “This could be due to general “breach fatigueâ€, heightened focus on the mail-in voting process, or simply the overwhelming amount of newsworthy events taking place in recent weeks. It makes sense to focus on the issues that are on your doorstep, rather than those that are not as transparent,†said Goddijn.
What Was Breached?
Personally Identifiable Information (PII) and financial information continues to be the most frequently exposed in a data breach, per the report. Here are the top data types exposed in breaches by Q3 2020.
|
Data Type |
Percent Share |
| Name |
45.10% |
|
|
36.00% |
| Password |
29.40% |
|
Miscellaneous |
28.30% |
| Unknown |
27.10% |
|
Social Security |
26.00% |
| Address |
21.90% |
|
Date of Birth |
16.20% |
| Financial |
15.60% |
|
Medical |
12.80% |
| Credit Card |
12.30% |
|
Account |
10.30% |
See Also: Pharma Giant Pfizer Suffers Patient Data Leak Due to Cloud Misconfiguration
Who Was Breached?
The healthcare sector was the most attacked by hackers in 2020. Healthcare organizations saw a total of 341 breaches, followed by Information services (306) and the Finance & Insurance (274) sector. Meanwhile, Public Administration and Professional/Scientific take up the fourth (259) and fifth (242) positions, respectively.Â
Note: Risk Based Security’s report is based on automated processes coupled with traditional human research and analysis. The company’s applications crawled the internet 24×7 to capture and aggregate potential data breaches.
Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!