Contact Us

No One is Immune to Breaches as 183 Million Accounts Compromised in Q3 2014

Large Scale Attacks Against Financial Firms, Retail Companies, and Consumers’ Personal Identities and Online Accounts Are Dominant Trends

BALTIMORE
November 18, 2014

Consumers experienced a wide range of data privacy and security threats in the third quarter of 2014 as hackers successfully conducted large-scale attacks against financial services and retail companies as well as consumers' personal online accounts and identities. These were just some of the findings from the third quarter 2014 Breach Level Index (BLI) released today by SafeNet, Inc., a global leader in data protection solutions.

Between July and September of this year, there were 320 breaches reported worldwide, an increase of nearly 25 percent compared to the same period last year, and more than 183 million customer accounts and data records containing personal or financial information were either stolen or lost.

Individuals also felt the data privacy pinch with breaches occurring across three major consumer activities: their banking, shopping, and online identities. Financial Services (42%) and Retail (31%) took the top spots among all industries in terms of the number of compromised customer accounts and data records. These were followed by breaches involving Technology and Personal Online Accounts (20%) such as email, gaming and other cloud-based services. In addition, Identity Theft also took the top spot among the types of data breaches, accounting for 46% of the total.

"Consumers' heads must be spinning as criminals are easily getting access to their credit card, banking and personal information at every turn," said Tsion Gonen, chief strategy officer at SafeNet. "'Companies should assume a breach and plan accordingly. They need to implement technologies and programs that minimize the impact of a breach on top of the traditional prevention. As it is, these technologies are just not being used by to the fullest extent by either consumers or companies."

Q3 Highlights

By Top Three Industries Impacted:

1. Financial Services Industry

  • 77,605,972 data records stolen or 42% of all data records stolen
  • 33 data breach incidents or 11% of all data breach incidents

2. Retail Industry

  • 57,216,390 data records stolen or 31% of all data records stolen
  • 47 data breach incidents or 15% of all data breach incidents

3. Technology/Social Media/Other Online Services

  • 36,415,080 data records stolen or 20% of all data records stolen
  • 38 data breach incidents or 11% of all data breach incidents

"The retail industry has been consistently hit hard with breaches. Criminals want to have access to credit card and banking information for financial gain or to obtain personal information to use for identity theft. Customers have been very tolerant of these breaches, because they feel that this access can be corrected by someone else, like a bank replacing a stolen credit card. However, this new surge of online identity breaches is much more serious for individuals. Once your personal photos or private messages have been accessed and leaked online, there's no fixing that. Those items will be forever in cyberspace for your future employers, friends and family to access," continued Gonen. "While it's not surprising that sophisticated cybercriminals are continuing to attempt these breaches, what is surprising is that again only 1% of breached records had been encrypted. Now is the time for customers to demand that their personal information be encrypted by companies."

By Data Breach Type

  • Account Access: 86,393,338 records or 48%, and 39 data breach incidents or 12% of all incidents
  • Financial Access: 58,453,288 records or 33%, and 52 data breach incidents or 16% of all incidents
  • Identity Theft: 30,717,154 records or 17%, and 147 incidents or 46% of all incidents
  • Nuisance: 3,195,285 records or 2%, and 46 incidents or 15% of all incidents
  • Existential Data: 116,220 records or <1%, and 36 data breach incidents or 11% of all incidents

By Source:

  • Malicious Outsiders: Accounted for 173,835,350 data records stolen or 97%, and 172 data breach incidents or 54%
  • Accidental Loss: Accounted for 2,795,235 data records lost or 1%, and 77 data breach incidents or 24%
  • State Sponsored: Accounted for 2,075,584 data records stolen or 1%, and 24 data breach incidents or 7%
  • Hacktivists: Accounted for 117,105 data records stolen or <1%, and 8 data breach incidents or 3%
  • Malicious Insiders: Accounted for 52,011 data records stolen or <1%, and 38 data breach incidents or 12%

By Geography

  • The United States reported more data breaches than any other country with 199 incidents (or 62%), followed by the United Kingdom with 33 incidents (or 10%), Canada with 14 incidents (or 4%), Australia with 11 incidents (or 3%), and Israel with 10 incidents (or 3%).
  • North America: 215 incidents or 66%
  • South American: 2 incident or 1%
  • Europe: 51 incidents or 16%
  • Middle East & Africa: 21 incidents or 7%
  • Asia-Pacific: 31 incidents or 10%

About the Breach Level Index

The BLI provides a centralized, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly-available breach disclosure information.

SafeNet first collaborated with industry analyst firm IT-Harvest in 2013 to develop the logarithmic formula used to determine breach severity. When calculating the severity of data breaches, the BLI factors in multiple inputs, including data type, number of records stolen, breach source, and if the high-value data remained secure after the breach was discovered. These inputs are then processed through a proprietary algorithm that produces an index number, with 1 being least severe and 10 being most severe.

Resources

Breach Level Index website:
www.breachlevelindex.com

Secure the Breach website:
www.securethebreach.com

Secure the Breach Manifesto:
www2.safenet-inc.com/securethebreach/downloads/secure_the_breach_manifesto.pdf

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2015 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 14,000+ employees operate out of 118 offices, 45 personalization and data centers, and 27 research and software development centers located in 49 countries.

For more information visit www.gemalto.com, or follow @gemalto on Twitter.

 

Back to Top

Contact Us

Thank you for your interest in our products. Please fill out and submit the form to receive more information about Gemalto or to be contacted by a Gemalto specialist.

Your Information

* Email Address:  
* First Name:  
* Last Name:  
* Company Name:  
* Phone:  
* Country:  
* State (US Only):  
* Province (Canada/Australia Only):  
Comments:  
 


By submitting this form I agree to receive information from Gemalto and its affiliates as described in our Privacy statement.