Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Data Breaches on the Rise in 2014

Posted in Cybersecurity, Data Breaches, Data Security, International, United States

More than 200 million records were lost in digital breaches during the first three months of 2014, according to a new report that parses publicly available information on data breaches.   The records were lost in connection with at least 254 publicized breaches, according to SafeNet, a data security company that published the report.

Those numbers represent a 233% increase from the same time period in 2013.  Still, they provide only a partial look at the extent of the issue, since many breaches are never publicly disclosed.  Even if they are disclosed, 46% of breaches did not report how many records were lost, SafeNet found.

The most likely cause for a breach was a malicious insider, accounting for 52% of all records breached, the survey found.  Coming in second: malicious outsiders, who accounted for 43% of records breached.  All other causes combined accounted for fewer than 5% of records breached, SafeNet said.

The financial industry suffered the worst breaches, accounting for 55% of the records lost worldwide, while the healthcare industry had the highest number of breaches, according to the report. 

Although North America had the highest number of disclosed breaches, representing 74% of reported breaches worldwide (which is unsurprising, given that the U.S. has one of the most advanced systems requiring disclosure of data breaches), it accounted for only a small fraction of the total records lost.  South Korea experienced four of the top five breaches, with a loss of 158 million records that amounted to 86% of all records breached, SafeNet found.  

The vast majority of organizations that suffered breaches did not secure their data using strong encryption, the report found.  Of the 254 breaches, only 1% involved records with strong encryption, key management and/or authentication solutions that rendered the data useless.