Data Breaches Lead To Over 1 Billion Records Exposed In The First Half of 2016

Risk Based Security and RPS Executive Lines are pleased to announce the release of the latest installment of the Data Breach QuickView Report. The MidYear 2016 Report shows that, while the number of data breaches for the year is down approximately 17% compared to the same time last year, the number of records compromised is off the charts, with over 1.1 billion – yes billion – records exposed in the first six months of 2016. With another 6 months still to go, this year is already the worst year on record for the amount of sensitive information compromised.


Looking at the numbers, we can’t help but ask “How did this happen?!?” A deeper examination of the breaches behind the numbers reveals several interesting trends including:

  • Attackers continue to have success using tried and true techniques
  • Misconfigured databases continue to serve up large amounts of data
  • Reusing log-in credentials across multiple sites can have cascading effects across many organizations

The first few months of the year proved just how successful tried and true attack methods can be. Whether it’s called Business Email Compromise, CEO fraud, spoofing or spear phishing, a wave of well-crafted and well-targeted fraudulent emails asking for sensitive information has produced exceptional results. Approximately 150 organizations in the U.S. reported giving up confidential information to fraudsters when unsuspecting employees responded to requests for information. The bulk of the attacks targeted W-2 data – including employee names, addresses, Social Security numbers and wage details – and occurred early in the year just ahead of the tax filing deadline. Although the frequency of disclosures has abated since the spring, incidents continue to be reported with companies like Gamesa Wind and Krispy Kreme Doughnuts disclosing incidents as late in the quarter as June 27th.

The problem of open, unprotected databases, which we have reported on previously, may be as old a problem as phishing for data. But unlike their phishing-victim counterparts, the number of organizations reported to be leaking sensitive data in the first half of the year was well under 150. However, where each phishing attack averaged 2,432 records lost per breach, unsecured databases tended to serve up more significant amounts of information.

One of the largest unsecured database breaches to come to light this year impacted 93.4 million Mexican citizens, when MacKeeper security researcher Chris Vickery discovered a misconfigured MongoDB hosted on AWS servers located in the United States. The leak exposed voter details beyond name and address, including dates of birth, occupation and some national identification numbers. Unfortunately, Mexico was not alone this year when it comes to open voter databases. A client of data services company L2 had its own experience with an exposed database, this time impacting 154 million U.S. voters. The CouchDB database belonging to the unnamed client was apparently left open after hackers took down the firewall protecting the database. It remains unknown whether the data was taken or merely left open and unprotected. Either way, 247 million identities were put at risk by just two incidents.

It has long been known that username and password leaks at one organization can lead to hijacked accounts at a different company. Like phishing and poorly protected databases, using stolen credentials to gain access to valuable information is nothing new. Also like phishing and leaky databases, the first half of the year has seen the problem reach new heights. Mega credential breaches like the ones at MySpace, iMesh, Tumblr, and the 100 million plus additional credentials from the 2012 LinkedIn breach led to very real consequences for the likes of TeamViewer, Carbonite and GoToMyPC. Each of these organizations was hit with “password re-use attacks”, compromising an unknown number of user accounts. While official statements and spokespersons were quick to point out their own security was not breached, that fact is little comfort to those who had their accounts accessed. Likewise, the incidents also triggered large-scale password reset procedures, keeping security teams and administrators alike occupied with the response effort.

The research from the QuickView Report suggests that the old epigram “the more things change, the more they stay the same” continues to ring true when it comes to data breaches. Attackers continue to rely on current successful strategies, even when those strategies are as simple as a well-crafted phishing email or preying on the habit of recycling comfortable, easy-to-remember passwords. Likewise, we do ourselves few favors when we fail to take reasonable and necessary steps to protect our most valuable information assets.

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the research conducted by Risk Based Security and sponsored by RPS Executive Lines. It is designed to provide an executive-level summary of the key findings from the analysis of the first six months of 2016’s reported data breaches.

About Risk Based Security (RBS)

Risk Based Security provides detailed information and analysis on Data Breaches and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have had a data breach or leaked credentials. Our PreBreach ratings, the result of a deep-view into the metrics driving cyber exposures, can be used to better understand the digital hygiene of an organization and the likelihood of a future data breach.

VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.

About RPS Executive Lines

RPS Executive Lines, market-leading specialists in public, private, and nonprofit Directors & Officers (D&O), Employment Practices Liability (EPL), Cyber Liability (Cyber), Errors & Omissions (E&O), Fiduciary, Crime, and Kidnap & Ransom insurance products, provides you with total management insurance solutions for your clients. No matter how intricate the risk, we can help you secure competitive coverage for your insureds from the 100 different insurance markets with which we work. We will also assist you in educating your clients on pinpointing their hidden exposures to loss and helping them fortify against their vulnerabilities, ultimately improving their risk profile and strengthening our negotiations with the insurance market.

You can get your copy of MidYear 2016 Data Breach QuickView report here.