July 30, 2014 ─SafeNet, Inc., a global leader in data protection solutions, today released the highlights from its SafeNet Breach Level Index (BLI) for the second quarter of 2014. Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide. For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide. The retail industry had more data records compromised than any other industry during the second quarter, with more than 145 million records stolen or lost, or 83 percent of all data records breached. Less than 1 percent of all 237 breaches during the second quarter were secure breaches, where strong encryption or authentication solutions protected the data from being used.
SafeNet also announced the results of a global survey of more than 4,500 adult consumers in which nearly 40 percent of respondents said they would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach. This sentiment increased to 65 percent if the data breach involved customers’ financial and sensitive information.
Q2 Highlights
The Breach Level Index provides details about hundreds of individual data breaches, which can be sorted by source, industry, risk level and date. Highlights from the second quarter include:
- In each of the last four consecutive quarters, there has been one major data breach in which more than 100 million records were exposed.
- 175,655,228 records were stolen in the second quarter. This equates to 1,951,724 records stolen per day; 81,321 stolen per hour; and 1,355 records stolen every second.
- Malicious outsiders are targeting businesses’ most critical records. They are responsible for compromising 99 percent of the records and 56 percent of the incidents this quarter, more than any other source.
- Health care incurred 23 percent of incidents, more than any other industry, but only accounted for 782,732 records lost, or less than 1 percent of all records stolen during the quarter.
- Identity theft was the leading cause of breaches with 58 percent of all incidents and 88 percent of records stolen.
- Encryption was used in only 10 of the 237 reported data breach incidents. Of those, only two could be classified as secure breaches, in which encryption restricted the access of stolen data.
- The U.S. accounted for 85 percent of records compromised worldwide and 74 percent of all reported incidents, more than any other country. Germany followed with 10 percent of all records stolen.
- Three of the top five breaches were based in the U.S., with the other two breaches occurring in Europe.
- Government was the second least secure sector after retail, accounting for 11 percent of all records that were lost or stolen. The Department of Veterans Affairs incurred the most breaches, having been hacked during each quarter of 2014.
- Financial services breaches decreased significantly from the first quarter, down from 56 percent to less than one percent of records stolen in the second quarter.
“Even amidst continued warnings about data security, the breach epidemic is trending in the wrong direction. 2014 has proven to be more of the same, with 375 million customer records stolen in the first six months alone,” said Tsion Gonen, chief strategy officer, SafeNet. “While it’s not surprising that sophisticated cybercriminals are gaining access to critical data stores, what is surprising is that only one percent of breached records had been encrypted. The benefits of encryption have been known for some time, but companies just aren’t doing it. It’s the security industry’s equivalent of flossing your teeth. Everyone knows it’s good for you and the technology is proven, but only a small percentage of companies do it well.”
About the Breach Level Index
The BLI provides a centralized, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly available breach disclosure information.
SafeNet first collaborated with industry analyst firm IT-Harvest in 2013 to develop the logarithmic formula used to determine breach severity. When calculating the severity of data breaches, the BLI factors in multiple inputs, including data type, number of records stolen, breach source and if the high-value data remained secure after the breach was discovered. These inputs are then processed through a proprietary algorithm that produces an index number, with 1 being least severe and 10 being most severe.
