It’s looking highly likely that 2019 could be the worst year ever for data breaches. That’s hardly surprising considering cybercrime is a growing pandemic. Can companies get their data protection and cybersecurity practices caught up and keep them up to date?
On September 16, Security Magazine reported on the 2019 Midyear Quickview Data Breach Report from Risk Based Security, which put the number of data breaches up by 54% at 2019’s midpoint. According to the data, 3,800 data breaches had been reported by this time, compromising around 4.1 billion consumer and individual records.
Latest figures show data breaches are increasing
A new report by IT Governance on September 30 puts the total number of breached records for 2019 to date at 10,331,579,614. Though there may have been slightly fewer incidents in September than there were in August, overall, according to the report, there was a 363% increase in the number of records breached.
IT Governance lists the cyber-attacks, ransomware attacks, data breaches, and other malicious cyber events. It includes the recent Facebook revelation that 419 million records, including user phone numbers, may have been exposed in an online database. Though the data could have been scraped before Facebook made changes to its systems, much of the data could still be valid, and it’s a very relevant breach.
Just some of the data breaches so far
The site also lists this year’s Yves Rocher breach, where 2.5 million records were left on a database, and the Teletext Holidays breach, where 212,000 audio records of customer purchases were left unprotected online.
Charing Cross Gender Identity Clinic accidentally shared patient data after a mistake in the CC field of an email.
A misconfigured database potentially containing information on the entire population of Ecuador exposed 16.6 million records.
A Tesco parking application exposed up to 20 million car registration number plates, and unshredded NHS records were used to weigh down scaffolding at an art festival. The list goes on.
SelfKey’s timeline of 2019’s data breaches includes a number that have yet to be attributed a figure. Data breaches can take months to surface and continue to grow in their impact as investigations are carried out.
Malindo Air reported data had been leaked onto public forums on September 18, and on September 9, 50,000 student records were reportedly exposed through the Get application.
Then there is the Flipboard hack, where unauthorised access to some of its databases between June 2018 and March 2019 has yet to be quantified as a number of records breached. The platform has 145 million monthly users.
New incidents occurring daily – now Zynga’s Words with Friends
Breaking in the news just now and as reported by VentureBeat, the records of 218 million players of Zynga’s Words With Friends social media/mobile game may have been accessed by a cybercriminal. The same hacker could also have been responsible for gaining access to a billion user records stolen from 45 other online services earlier this year.
For Zynga, the breach affects Android and iOS players who signed up for Words with Friends before September 2, 2019. The game company boasts over a billion players of its games worldwide, and its last reported hack was in 2012. Zynga says:
“Cyber attacks are one of the unfortunate realities of doing business today. We recently discovered that certain player account information may have been illegally accessed by outside hackers. An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.”
Cyber-attacks are a risk and reality for businesses of any size. Though social media platforms, games, the healthcare sector, government data, retailers and, of course, financial institutions are often hardest hit, the truth is that if you store data you are at risk of a breach. That breach could be the result of an attack but could just as easily result from a software misconfiguration or the unwitting mistake of an employee.
Can businesses keep up with the threat of data breaches?
Though the reality is that no business may be 100% protected from cybercrime or even accidental data breaches forever, there is much that can be done to limit risk. It’s all in the try, though admittedly an unlimited cybersecurity budget would always help.
Businesses must simply do the best they can to protect valuable data. Companies where data collection forms part of their business model must do more.
Cybercrime is evolving, but so is cybersecurity. Employing the best systems and processes, choosing the best cybersecurity contractors, or hiring the best technology talent helps. Complying with data protection regulation, like GDPR, is the law.
Continuous development of systems and processes to meet evolving threats is essential. Ongoing assessment of vulnerabilities is vital. Security awareness in every part of an organisation is critical.