High profile data breach seems to be happening left and right these days, with no end in sight.
The daring attacks are elaborate, sophisticated, and are growing in frequency. Data breaches are a significant cause for concern because it affects everyone, from businesses to consumers to governments. The devastating aftermath of a cyberattack puts millions of lives at risk. Leaked personal details can lead to extortion, blackmail, and identity theft. Losing user data or intellectual property can cost businesses millions in damages and lost revenue.
This article aims to show you the frightening facts and stats about data breaches, so you can be better prepared if it comes knocking at your door.
The Anatomy of a Data Breach
A data breach happens when an attacker infiltrates a data facility and extracts sensitive information. Cybercriminals do the deed by gaining access to a physical computer or network to steal local files. They can also do it by remotely bypassing network security from a secure location off-premises. The first method is harder since it requires placing someone inside to do the hack. Cybercriminals prefer the second option.
Here’s a step-by-step process of a data breach operation:
The Research Phase
Cybercriminals probe the company looking for weaknesses in its security. Weak links usually come from employees, systems, or the network.
The Initial Attack
Hackers make initial contact by probing the network or using social media to engage employees.
The Second Wave: Network and Social Attack
Cybercriminals launch a full-scale attack on the network. Using previously identified weaknesses in the system or infrastructure, hackers infiltrate the network. Social attacks work by tricking employees into giving the attacker access to the company’s network. Hackers usually befriend their targets on social media or dupe them into opening an attachment loaded with malware.
An attacker gains access to a computer and uses it to attack the network. Hackers tunnel their way into sensitive corporate data and extract it successfully.
The Largest Data Breaches to Date
- Yahoo still holds the crown for the most significant data breach in history, with 3 billion stolen records in August 2013. First American Financial Corp. sits in second place, with 885 million affected records in 2019.
- Lapses at Facebook led to 540 million records getting exposed in 2019.
- Hotel chain behemoth Marriott International lost at least 500 million client records due to an undetected data breach of its reservation database from 2014 to 2018.
- Friend Finder Networks got hacked in 2016, and attackers came away with 412.2 million records.
- Hackers breached marketing and data aggregation firm Exactis and stole 310 million records (200 U.S. consumers, 110 million businesses) in 2018.
- Equifax lost 145.5 million client records to hackers in July 2017.
- Cybercriminals were able to come away with 145 million eBay user records in May 2014.
- Heartland Payment Systems gave up 134 million customer records in March 2008.
- Attackers targeted Target and stole 110 million user records in December 2013.
- The Capital One data breach exposed 106 million user accounts dating back from 2005 in March 2019 (small businesses and consumers).
- TJX Companies reported a December 2016 attack that compromised 94 million records.
- JP Morgan & Chase suffered a breach that exposed 83 million accounts in July 2014 (small businesses and consumers).
- Ridesharing giant Uber was the target in a November 2017 attack that left 57 million user records compromised.
- Hackers targeted the U.S. Office of Personnel Management (OPM) between 2012 – 2014 and came away with 22 million records.
- Timehop lost 21 million client records to cybercriminals in July 2018.
10 Alarming Facts and Stats About Data Breaches
- Data breaches cost U.S. companies $4.2 million in lost revenue on average (2019).
- According to the University of Maryland, hackers attack every 39 seconds or 2,244 times a day on average.
- In the first half of 2019 alone, data breaches exposed a staggering 4.1 billion records.
- In 2019, it still takes 206 days on average to identify a breach.
- Hacking leads all data breaches at 52%, followed by malware (28%) and phishing (33%).
- 37% of malicious email attachment types are .dot and .doc, followed by .exe at 19.5%.
- The average lifecycle of a data breach, from initial exposure to containment, is 314 days.
- Gartner forecasts that global spending on cybersecurity will reach $133.7 billion in 2022.
- Data breaches are either motivated by money (71% of attacks) or espionage (25% of attacks).
- Reports stated that 62% of businesses experienced social engineering and phishing attacks in 2018.
In the past, the world knew about data breaches long after the attack happened because companies tried to hide the fact. The non-disclosure of a breach left compromised users at risk for more damages. Uber even attempted to pay the hackers who breached them, asking to delete the data and keep the attack quiet. The GDPR and other data protection regulations aim to change that.
About the Author
Emily Andrews is the marketing communications specialist at RecordsFinder, an online public records search company. Communications specialist by day and community volunteer at night, she believes in compassion and defending the defenseless.