More Than 4.1 Billion Records Exposed in 2019

August 15, 2019

More than 3,800 data breaches were reported from January through June 30, exposing over 4.1 billion records, according to the 2019 MidYear Data Breach Quickview Report.

Compared to midyear of 2018, the number of reported breaches was up 54 percent and the number of exposed records was up 52 percent. Of the breached organizations that could be definitively classified, the Business sector accounted for 67 percent of reported breaches, followed by Medical (14 percent), Government (12 percent) and Education (7 percent). This continues the trend observed in the Q1 2019 report.

Additional key findings include:

In Q1, three breaches were reported as exposing over 100 million records. In Q2 another five breaches were reported as exposing 100 million records or more. Collectively, these eight breaches exposed over 3.2 billion records or 78.6 percent of the total records exposed through June 30.
The Business sector accounted for 84.6 percent of the records exposed followed by Unclassified at 14.8 percent and Medical at 0.3 percent. The Government and Education sectors combined accounted for 12.9 million records exposed through the midyear point.
Web remains the number one breach type for number of records exposed, accounting for 79 percent of compromised records, while Hacking remains the number one breach type for number of incidents, accounting for 82 percent of reported breaches.
Email addresses and passwords remain prized targets, with email addresses exposed in approximately 70 percent of reported breaches and passwords exposed in approximately 65 percent of reported breaches.

In the first 6 months of the year, 137 breaches exposed sensitive data belonging to third parties. While some of these events were relatively mundane, others had far-reaching implications. Perhaps none was worse than the compromise at American Medical Collection Agency (AMCA). Initially reported as a breach at Quest Diagnostics, it quickly became clear the breach actually occurred at AMCA. The fallout has been substantial. Clients severed their relationship with AMCA, consumer lawsuits were filed within days of the initial breach disclosure and most devastating of all, AMCA was forced into filing for bankruptcy protection a mere 2 weeks after news of the breach made headlines.

A closer look at breaches impacting third parties, and their data, shows a striking difference compared to all breaches in Q2. Email addresses and passwords fall toward the bottom of the data types compromised while names, addresses, Social Security numbers and dates of birth climb to the top of the chart. Not only can these breaches be more difficult to manage given the multiple parties involved, they can also have more damaging consequences for the individual’s whose data is exposed in the event.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.