Data breaches were rampant in 2019, occurring at an unprecedented pace. However, the first half of this year has seen a reduction in the number of reported events. Reported being the operative word.
In the first six months of 2019, more than four billion records were exposed in 3,800 publicly disclosed breaches, according to cybersecurity firm NortonLifeLock.
A publicly reported data breach is one required by state law and reported by a government official; part of a public regulatory filing such as an SEC filing; listed on a company website, social media, news release or breach notice letter or published in an accredited media publication, or disclosed by a recognized cybersecurity researcher or firm, explained James E. Lee, Chief Operating Officer at the Identity Theft Resource Center (ITRC).
The Center is a non-profit organization established to support identity theft victims in resolving their cases and to educate the public and make it aware of identity theft and associated issues such as data breaches, cyber security, scams, fraud and privacy issues.
Breaches in 2019 included:
Bank holding company Capital One, in March: 106 million records;
Social-planning website Evite, in August: 100 million records; and
American Medical Collection Agency: more than 20 million records breached, which led to the firm’s filing for bankruptcy.
In all, more than 15 billion records were exposed in nearly 7,100 data breaches throughout calendar 2019.
Breaches Subside in 2020
This year however, the number of publicly reported data breaches has fallen.
“During this period, we saw less activity from many threat actors who would normally be making all kinds of havoc,” Adam Kujawa, director of Malwarebytes Labs, told TechNewsWorld. Malwarebytes Labs is the intelligence arm of antimalware software firm Malwarebytes.
The ITRC says the number of data breaches between January and June fell by 33 percent year over year.
During that period, a little more than 163 million individuals were affected by breaches — 66 percent less than in January to June 2019.
Risk Based Security says publicly reported breaches in the first half of this year fell to a five-year low, but still showed a total of 2,037. It said more than 27 billion records were exposed during that period — 12 billion more than were exposed throughout the whole of 2019.
So what gives? Why this huge discrepancy in the numbers?
Differences in methodology, ITRC’s Lee told TechNewsWorld. Risk Based Security includes information from outside the United States, while the ITRC’s data is based only on events in the U.S.
Also, as a national non-profit that provides free services to victims of identity crimes or compromises, “our focus is on the number of people impacted, not the number of records exposed,” Lee noted.
“In mass data breaches or exposures there are multiple records per person, which always means the number of records exposed will almost always be an order of magnitude higher than the number of people impacted,” he said. “There is no one-to-one correlation between people and records.”