Global data breaches in the first half of 2016 have already reached 554,454,942, putting the full year on course to hit over 1 billion compromised records. According to the Gemalto Breach Level Index, there have been 974 incidents worldwide to date - a rise of 15% against the same period last year. That puts the volume of stolen or lost records on a run rate of 3,046,456 per day.
The digital security technology firm tracks publicly-reported data breaches, recording the volume of data involved, location, industry sector and breach type. It found that 9% of breaches between January and June occured in Europe, with the UK a particular hotspot accounting for 61 out of 86 reports (6.26% of the global total). What makes the rise in breaches particularly worrying is that, as the report’s subtitle spells out, “it’s all about identity theft”. Stealing personally identifiable information now dominates compared to theft of payment and financial data.
"Over the past 12 months, hackers have continued to go after both low-hanging fruit and unprotected sensitive personal data that can be used to steal identities," noted Jason Hart, vice president and chief technology officer for data protection at Gemalto. "The theft of user names and account affiliation may be irritating for consumers, but the failure of organisations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”
In compiling the figures, the company also tracks the type of data stolen and points out in the report that not all breaches are equal. “As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches," said Hart.
"News reports fail to make these distinctions, but they are important to understand because each has different consequences. A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain,” he said.