InfoWatch reports exponential jump in number of data leaks year on year

Source: InfoWatch. Technology and finance were preferred data theft targets.

The InfoWatch Analytical Center has tracked 925 confidential information leaks in 1H17, 10% more than in 1H16. From January to June 2017, data leaks compromised 7.78 billion personal and payment data records, including social security numbers, bank card details, and other critical data, as compared to 1.06 billion during the same period in 2016 and some 3 billion records compromised for the whole of 2016 globally.

The growth came in the main from 20 mega leaks compromising more than 10 million records each, accounting for 98% of all personal and finance data compromised. Compared to 1H16, there were 20% more payment data leaks and 20% fewer personal data leaks, InfoWatch said.

Internal offenders caused 58% of global cases, with an average number of compromised records soaring to 13.6 million records per leak caused by external intruders (2.4 million in 2016) and 4.5 million records per leak by malicious insiders (0.8 million in 2016).

“Since the beginning of 2017, we have been witnessing the sprawl of compromised data and damage caused by sensitive information leaks,” said Sergey Khayruk, Analyst, InfoWatch Group. “Digital economy development makes cybersecurity move beyond its own sector and become a topic of discussion at the highest possible level."

Under 8% of data leaks were associated with unauthorised data access (abuse of access privileges and internal espionage). Other reasons were given for 84% of the cases, with the remainder attributed to fraud.

Compared to 1H16, there were more leaks through the network, including web and cloud channels, and email. Slightly over 67% of all leaks were blamed on the network (half in 2016), with email coming in at a distant second, accounting for 7.2% of leaks (15.8% in 2016). Fewer leaks were as a result of equipment loss/theft, removable media, and paper documents. The most marketable payment details were mostly leaked via browsers or cloud storage (45%) and corporate email (44%).

Source: InfoWatch. The largest leaks come from the technology and healthcare.

Data leaks were detected most often in healthcare and least often in manufacturing and transport sectors. Hi-tech companies, including online services and major portals, recorded the largest volume of compromised data, while more than 15% of all compromised records were leaked from government authorities.

Over the reporting period, criminals were mostly interested in banking and high-tech sectors, where more than a half of the personal data leaks were of malicious nature.

“Commercial and governmental services operate an ever-growing volume of electronic and therefore extremely marketable data,” noted Khayruk. “Both high-tech and financial sectors are very exposed to data leaks and extremely attractive to intruders, with the majority of data being compromised there maliciously. At the same time, these very sectors drive digital economy, which, as it evolves, requires better regulation and cybersecurity for digital transformation processes.”