First Quarter 2014 Exposes 176 Million Records – Troubling Trend Of Larger, More Severe Data Breaches Continues

We are pleased to announce the release of the next installment of Risk Based Security’s Data Breach QuickView report. Analysis of data compromise activity for Q1 2014 shows that, while the number of incidents taking place remains comparable to Q1 2013, the number of records lost per incident is on the rise. The total number of records exposed in the first quarter of 2014 exceeded 176 million – or roughly a 46% increase compared to the number of records loss in Q1 2013.

It’s difficult to say whether security is deteriorating, bad actors are getting better or some combination of both.” said Inga Goddijn, Managing Director of Insurance Services of Risk Based Security. “What we do know is that there have been eight events in the past six months that have involved the compromise of at least 10 million records per event and the trend is continuing with the most recent revelations at eBay.

The report also highlights the continuing trend of targeting user names, e-mail addresses, and passwords. Although this type of information in and of itself typically doesn’t hold the same value as Social Security or credit card numbers, this data can be the keys to opening up the doors that access more valuable information. The continued focus on this type of data may be indicative of more complex or better-planned attacks currently happening involving third-parties and on the horizon.

Another disturbing trend is the rate of repeat events at the same organization. Goddijn added, “when analyzing the full data set, we can see that 97 organizations that reported a data breach in the first quarter of 2014 had also reported a breach in the past. In addition, three of these organizations had multiple breaches in the first quarter of this year.

Risk Based Security’s research continues to show that all organizations, regardless of size, industry, or location, are at risk for a breach. Our security advisers and CISOs recommend business leaders take an active role in the continuous evaluation and improvement of the organization’s information security management system. Timely, accurate, and comprehensive vulnerability and threat intelligence can give organizations the edge they need not to show up in the next data breach report.

You can view the 2014 1Q Data Breach QuickView report here:

http://www.riskbasedsecurity.com/reports/2014-1QDataBreachQuickView.pdf

About Risk Based Security, Inc.

Risk Based Security is a leading-edge security and threat intelligence company. We provide the most timely, highest quality and most fully comprehensive vulnerability and data breach intelligence services available. Data intelligence is the basis for our consulting and information security services including ISO/IEC 27001SDL and our virtual YourCISO service.

For more information, please contact us via email or call 855-RBS-RISK.