The number of publicly known data breaches decreased last year compared to 2017, despite harsher breach notification rules going into effect in Europe. The number of compromised sensitive records also went down by more than a third, from 7.9 billion records to around 5 billion.
According to a new report from security intelligence vendor Risk Based Security (RBS), over 6,500 incidents that resulted in compromised data were publicly disclosed last year, two-thirds of them originating in the business sector. The government sector accounted for 13.9 percent, the medical sector for 13.4 percent and education for 6.5 percent.
The data collected and analyzed by RBS shows that very large breaches continue to occur and, in fact, have the biggest impact on people’s privacy. Last year, there were 12 breaches where 100 million or more sensitive records were exposed and together those breaches accounted for 74 percent of all records exposed in 2018.
The largest breach by far was one that involved India’s national ID database, known as Aadhaar. That incident was reported in March 2018 and exposed the national ID numbers, addresses, phone numbers, email addresses, postal codes, and photographs of almost 1.2 billion Indian citizens.
Other large breaches included hackers gaining access to 383 million loyalty program records stored in Marriott’s Starwood guest reservation database and to 240 million guest records from Huazhu Hotel Group.
Some breaches were not the result of hackers exploiting security vulnerabilities, but of security oversights that made data openly accessible on the web. This was the case with marketing firm Exactis, which exposed the personal details of 230 million adults and 110 million business contacts due to a misconfigured database.
Another common cause for breaches is fraud or social engineering, where company insiders intentionally or accidentally share data with unauthorized third parties. The incident where political consulting firm Cambridge Analytica obtained data from 87 million Facebook user profiles through a …