925 confidential information leaks has been reported in H1 2017. In January-June 2017, data leaks caused 7.78 billion personal and payment data records being compromised, including social security numbers, bank card details, and other critical data, as compared to 1.06 billion during the same period in 2016 and some 3 billion records compromised for the entire 2016 globally.
This is according to InfoWatch Analytical Center, which analysed reports from global mass media and other open sources. Data shows that the sudden spike in H1 2017 leaks were due to 20 mega leaks (10+ million records each) that accounted for 98% of all personal and finance data compromised. Compared to H1 2016, there were 20% more payment data leaks and 20% fewer personal data leaks.
Of the total recorded leaks 58% were caused by internal offenders, with average number of compromised records increasing up to 13.6M records per leak caused by external intruders (2.4M in 2016) and 4.5M records per leak by malicious insiders (0.8M in 2016). Unauthorised data access (abuse of access privileges and internal espionage) are less than 8% of all cases, while unskilled leaks unrelated to the abuse of access privileges or data fraud are recorded in 84% of cases.
“Since the beginning of 2017, we have been witnessing the sprawl of compromised data and damage caused by sensitive information leaks,” said Sergey Khayruk, Analyst, InfoWatch Group. “Commercial and governmental services operate an ever-growing volume of electronic and therefore extremely marketable data. Both high-tech and financial sectors are very exposed to data leaks and extremely attractive to intruders, with the majority of data being compromised there maliciously. At the same time, these very sectors drive digital economy, which, as it evolves, requires better regulation and cybersecurity for digital transformation processes.”
Payment details, which are highly marketable, are mostly leaked via browsers or cloud storages (45%) and corporate email (44%). Data leaks were detected most often in healthcare and least often in manufacturing and transport sectors. Hi-tech companies, including online services and major portals, recorded the largest volume of compromised data, while 16% of all compromised records leaked from government authorities.
Over the reporting period, criminals were mostly interested in banking and high-tech sectors, where more than a half of the personal data leaks were of malicious nature.