Uh Oh, 1.4 Billion Data Records Breached in 2016, Report Says

1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015, according to the findings of Gemalto’s latest Breach Level Index report.

Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches, up by 5% from 2015.

Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015.

Gemalto’s Breach Level Index is a global database that tracks data breaches and measures their severity based on the number of records compromised, the type of data compromised, the source of the breach, how breached data was used, and whether or not the data was encrypted. Gemalto uses these factors to assigning a severity score of 1-10 to each breach.

In 2016, the top 10 breaches in terms of severity accounted for over half of all compromised records. In fact, one breach, the account access based attack on AdultFriend Finder, scored a perfect 10 in terms of severity, after exposing 400 million records last year—nearly 30 percent of all records breached in 2016.

It should be noted that though Yahoo! reported two major data breaches involving 1.5 billion user accounts in 2016, those breaches are not included in the BLI’s 2016 numbers because they occurred in 2013 and 2014.

Perhaps most troubling is that 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported, according to Gemalto.

“The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.