Data breach reports down 52% in the first half of 2020; Number of records exposed increase to 27 billion

August 17, 2020

Risk Based Security released their 2020 Mid Year Data Breach QuickView Report, revealing that although the number of publicly reported data breaches stands at its lowest in five years, the number of records exposed is more than four times higher than any previously reported time period.

“The striking differences between 2020 and prior years brings up many questions,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?”

All these questions are discussed and dissected in the 2020 Mid Year Data Breach QuickView Report. The report explores in detail how supply chain disruptions, brought on by the COVID-19 pandemic, has impacted data breach reporting and influenced other trends. In addition, Risk Based Security explains the cause behind the alarming amount of records exposed.

Key highlights include:

There were 2,037 publicly reported breaches through June 30th, a 52 percent decrease compared to the first six months of 2019 and 19 percent below the same time period for 2018.
Over 27 billion records were exposed between January 1, 2020 and June 30, 2020, exceeding the total number of records exposed during the entirety of 2019 by more than 12 billion records.
The driving force behind the number of records exposed continues to be misconfigured databases and services.
The two largest breaches ever reported came to light during the second quarter of 2020, accounting for more than 18
billion of the 27 billion records put at risk.
The number of payment card details exposed in the first six months of 2020 surpassed 90 million records. Despite this, there were even more Social Security / national identity numbers, financial account numbers, and dates of birth nexposed during this time period.
Four economic sectors (Information, Health Care, Finance & Insurance, and Public Administration) accounted for more than half (52.5 percent) of reported breaches.
The Information sector accounted for 14.5 percent of reported breaches, with software providers, hosting, and other online services accounting for 86.5 percent of the information sector breaches.
The healthcare sector nearly matched the information sector, accounting for 14.3 percent of the reported breaches.

“Misconfigured databases and services have been the key driver behind the growing number of records exposed” commented Inga Goddijn, Executive Vice President at Risk Based Security. “When entire databases are left open and freely accessible, a considerable amount of data is put at risk. It is a small handful of these events in Q2 that are responsible for the explosion in the number of records exposed. In the second quarter of 2020, just two breaches alone were responsible for more than 18 billion of the 27 billion records put at risk.”

The 2020 Mid Year Data Breach QuickView Report covers the data breaches reported between January 1, 2020 and June 30, 2020.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.