Risk Based Security, a company that makes its living off vulnerability intelligence, breach data, and risk ratings reports that there were 3,813 publicly disclosed breaches in the first six months of 2019, exposing more than 4.1 billion records. That total is up more than 50 percent compared to the first six months of 2018.
“Looking over the first six months of 2019, it is hard to be optimistic on the outlook for the year,” said Inga Goddijn, Executive Vice President of Risk Based Security. “The number of breaches is up and the number of records exposed remains stubbornly high. Despite best efforts and awareness among business leaders and defenders, data breaches continue to take place at an alarming rate.”
Big hacks you’ve probably never heard of
Most consumers are aware of the data breaches that happen to bigger companies or get widespread media attention like Facebook’s never ending saga of hacks.
Flying under the radar, however, are breaches of nightmarish proportions -- hacks that rank as definite consumer concerns.
One case-in-point that Risk Based Security brought up in its report is Verifications.io, an email marketing company whose misconfigured database exposed 982,864,972 names, addresses, and Facebook, LinkedIn, and Instagram accounts. The information associated with the breach includes email addresses, dates of birth, phone numbers, fax numbers, genders, IP addresses, and personal mortgage amounts. As a result of the incident, Verifications.io has ceased operations.
Another breach with consumer impact potential was that of First American Financial Corporation. If you’ve bought a house, particularly in California, it’s possible you and First American have a connection of some sort as the company’s core business is vast: title insurance and closing/settlement services; valuation products and services; home warranty products; property and casualty insurance; and banking, trust, and investment advisory services.
According to the Risk Based Security report, 885,000,000 records were exposed at First American, including real estate closing transaction records that contained names, Social Security numbers, phone numbers, email and physical addresses, driver’s license images, banking details, and mortgage lender names and loan numbers.
Luckily for First American, it may have dodged a bullet in this situation -- a very large bullet. While the potential of a near-million records being exposed is enough to make lights flash and alarms sound on any consumer’s pain scale, the company reports that the actual number of customers “whose non-public personal information likely was accessed without authorization” was only 32. Whew.
Who’s the most vulnerable?
If the report offers up any alarms, it should be that the things most vital to consumers -- personal info tied to healthcare, online shopping, finance and insurance, government, and education -- continue to be prime targets. The simple reason for that focus is because those areas are where the most personal data lies that can be mined and turned into cash.
Of those, the healthcare sector suffered the most number of breaches so far this year, at 224. Converting that segment’s numbers into the total number of people affected, you’re looking at more than 100 million.
After healthcare, the pecking order has retail experiencing 199 breaches, followed by finance and insurance (183), government and information (160 each), and education (99).
Goddijn said the type of data that hackers are after is undergoing a slight shift. Nowadays, email addresses (70 percent) and passwords (64 percent) are at the top of the most pilfered list. After that, it’s names (23 percent) and Social Security numbers and credit cards (11 percent each).