2017, Yet Another “Worst Year Ever” For Data Breaches

The number of records exposed due to data breaches in the first nine months of 2017 is up 305% compared to the same period in 2016.

RICHMOND, VA, November 8, 2017 — Risk Based Security today announced the release of its Q3 2017 Data Breach QuickView report, showing there have been 3,833 publicly disclosed data compromise events through September 30th. The pace of disclosures began to steadily increase in July, peaking in September with over 600 breaches reported for the month.

“The events at Equifax dominated the news in Q3 – and rightly so,” commented Inga Goddijn, Executive Vice President for Risk Based Security. “The breach stands out for so many reasons, ranging from the sheer size of the data loss to the poor handling of the response. But the attention masked several other events such as the Sonic and Piriform compromises that, in any other month, would be high profile breaches in their own right.”

One trend that stood out to the RBS research team was the number of leaks targeting access credentials for popular streaming services. Login information from unrelated organizations is being acquired from other leaks or websites and tested against service providers like Netflix, Hulu, Spotify and several others. Once validated, the credentials are being leaked and used to take advantage of premium subscriptions. While this practice is not new – there is a steady stream of such leaks every quarter – there was a noticeable uptick in this activity in Q3.

“Over the past few years, quarter after quarter, we have seen how popular it is to target account credentials. However, in the first half of 2017, it was one of the few times that we saw usernames, email addresses and passwords fall out of the top spots of data types most compromised. That trend has faded and once again, we’re seeing access credentials return as the most exposed data types,” Ms Goddijn added.

The trends are not all bad news, however. A combination of factors, including fewer records compromised per breach and a shift away from data breaches exposing Social Security numbers and other higher value data, has pushed breach severity scores lower for the quarter. Ms Goddijn comments, “while we are tracking more data breaches, we are seeing the severity skew lower in Q3 compared to the first half of the year. It’s a trend we hope to see continue for the remainder of the year.”

Risk Based Security has been capturing and aggregating data breach events for well over a decade. The wealth of breach data coupled with actionable security ratings for organizations has made Risk Based Security a leader in vendor risk management, cyber insurance and risk modeling. For more information, contact Risk Based Security at 855-RBS-RISK or visit www.riskbasedsecurity.com.

About the Data Breach QuickView Report

The Data Breach QuickView report is made possible through the research conducted by Risk Based Security. It is designed to provide an executive level summary of the key findings from RBS’ analysis of breach activity disclosed in 2017. Contact Risk Based Security for specific analysis of the 2017 data breaches of particular interest to your organization.

You can get your copy of the Q3 2017 Data Breach QuickView Report here:


About Risk Based Security

Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.

Cyber Risk Analytics (CRA) provides actionable organization security risk ratings and data breach intelligence. Our threat intelligence empowers organizations to reduce exposure to the threats most likely to impact them and their vendor base. Our PreBreach security risk rating, the result of a deep view into the metrics driving cyber exposures, is used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand their risk posture and act quickly and appropriately to proactively protect their most critical information assets.

VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.

YourCISO provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal. YourCISO provides organizations ready access to senior executives and highly skilled technical security experts with a proven track record, matched specifically to your needs. The YourCISO service is designed to be an affordable long term solution for addressing information security risks. YourCISO brings together all the elements an organization needs to develop, document and manage a comprehensive information security program.

For more information, please visit:





or call 855-RBS-RISK