Wednesday, 19 April 2017 08:15

Almost 1.4b data records compromised in 2016, 44 per second, Gemalto says


Digital security firm Gemalto asks, "Do you know where your data is?", revealing 1792 disclosed data breaches in 2016 led to almost 1.4 billion data records being compromised.

Gemalto further says cyber criminals are casting their eyes further afield than traditional, historical financial attacks. The "easy money" for hackers and crackers is coming less from banks, and more from ransomware and identity theft. In fact, identity theft accounted for 59% of all data breaches in 2016, up 5% from 2015.

"The Breach Level Index highlights four major cyber criminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid," said Graeme Pyper, regional director, Australia and New Zealand at Gemalto.

This data comes from Gemalto's 2016 Breach Level Index, released last week. The 1.4 billion number is an increase of 86% compared to 2015. About 52% of the data breaches in 2016 did not initially disclose the number of compromised records at the time they were announced. Some industries, such as healthcare, have still not disclosed the number of affected records. In fact, 940 of the 1792 breaches have a publicly unknown amount of data involved.

Gemalto's Breach Level Index is a global database that benchmarks publicly disclosed data breaches including the number of compromised records, type of data, severity, how it was used and whether or not it was encrypted.

Gemalto states more than seven billion records have been exposed since 2013 when the index was started. This comes to over three million records compromised daily, or 44 records a second.

By far, the number one breach was Adult Friend Finder, hit by an account access data breach by a malicious outsider, exposing more than 400 million records. Coming in second was an identity theft attack by a malicious outsider on the Philippines' Commission on Elections with 77.7 million records stolen, including fingerprints.

In the 2016 index, Gemalto includes 145 reported incidents across APAC, with 44 in Australia alone. As this is self-disclosed data, Gemalto notes this is only "the tip of the iceberg" as mandatory data breach reporting legislation comes into effect.

Account access-based breaches have decreased since 2015, down by 3%, but had a far greater impact, making up 54% of all breached records, an increase of 336%. Gemalto notes this highlights the cyber criminal trend away from financial data to bigger databases that contain larger volumes of personally identifying information.

By far the largest target for data breaches was healthcare, accounting for 28% of all data breaches, up 11% from 2015. However, the number of compromised data records has decreased by 75% from the previous year. Financial services companies accounted for 12% of data breaches, down 23% from 2015.

A big takeaway for IT managers from Gemalto's research is that only 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full. Of the 1.4 billion records compromised, only 6% were encrypted partially or in full.

While this represents an increase from 2015's 4% of incidents and 2% of records, it is still a tiny number. Pyper notes that an organisation's security efforts cannot simply rest at the perimeter, but must also have a means of making data useless should an unauthorised person get hold of it.

"Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming changes to Australia’s mandatory data breach notifications. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits," he said.

In fact, in this modern day of pervasive cloud technology there is almost no perimeter anymore. Thus, the Breach Level Index truly highlights to IT departments the seriousness of protecting data. Encrypting data to make it useless to attackers is paramount. Similarly, containing the places where data can go and limiting access to data are also important strategies. Gemalto refers to this as protecting data at "rest and in motion".




David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.


