Global data breaches hit 1,500 last year, public disclosures reveal

UK's worst breach was Mumsnet

After a bad 2013, the number of disclosed global data breaches rose by another 50 percent last year to reach 1,500, according to Gemalto's Breach Level Index (BLI), which is based on publicly disclosed incidents.

Given that news of data breaches is an almost daily occurrence, the record-breaking nature of 2014 won't come as a surprise to many people, nor the fact that just shy of 800 million of the one billion compromised records (excluding the CyberVors breach - see end note) were in US organisations.

Those records were from 1,107 individual breaches reported, which in terms of incidents put the UK in second place with 117. However, the average UK data breach was much smaller at only 10.2 million records compromised in total, well behind Germany and Australia on 42 million each.

The first issue is how to assess the severity of data breaches - is it size that matters, the number of records taken, type of data in those records, or the extent to which criminals are able to exploit the data they take?

Another issue is how much can be read into publicly disclosed data breaches, given that the US and UK have tougher rules on disclosure than other countries and so might only appear to have a bigger problem.

The BLI gives breaches a severity rating which records the top US data breach of 2014, Home Depot, as a '10' for the 109 million records breached. In second place, also on 10, were JPMorgan Chase (83 million records) and eBay (145 million).

Only seven breaches rated at the maximum '10' severity have ever been recorded, five of them in 2014 alone.

In the UK, the top 2014 breach was Mumsnet, given a severity rating of 8.3 for the 1.5 million records potentially compromised, ahead of Affin Bank Berhad at 8.2 for its 1.271 million records and Harley Medical Group on 7.9 for 500,000 records.

Some smaller UK breaches got relatively high ratings because of the type of data compromised. A good example was the 100,000-record internal breach at Morrison's Supermarket which just happened to be of its entire workforce database.

"Not only are data breach numbers rising, but the breaches are becoming more severe," commented Gemalto's VP of cloud services, identity and data protection, Jason Hart, who also put the danger from this into a wider perspective.

"Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding."

That's the bit that underlines why breaches matter and aren't simply an issue for the organisations involved. The lost or stolen data goes somewhere and usually not to a good place. Very little of it can ever be recovered or erased, and it could end up affecting ordinary people.

Unfortunately the industry remains fixated on narrow self-interest, more concerned with whether financial data is encrypted to protect itself against losses than with the long-term effect on a consumer should criminals find out names, social security numbers and dates of birth, none of which can be changed the way a credit card number can.

The BLI started life under the auspices of SafeNet, which was bought by Gemalto for $890 million last August.

Note: the BLI website records the 1.2 billion records from the massive CyberVors breach haul, but does not count them for 2014 as a whole. This is because although the breach was discovered in 2014 the records were probably stolen over several previous years.

Stories by John E Dunn
