“No industry, organization size or geographic location, is immune to a data breach.”
That’s the bottom line to Risk Based Security’s recently published end-of-year data breach report, which concluded that over four billion records had been stolen during 2016.
The report confirmed that three companies accounted for half of the records stolen in breaches reported last year.
Yahoo saw over 1.5 billion records stolen in two separate reported attacks — the largest breach of records in history, eclipsing AdultFriendFinder’s 412 million accounts and Myspace’s 427 million passwords.
Together, those three companies account for 2.3 billion of the 4.2 billion records stolen during the year.
The remaining two billion accounts came from over 4,100 separate breaches targeting government agencies, medical institutions, and other businesses.
More than half — around 53 percent — of all 2016’s reported breaches were the result of hacking, according to the report. Many of the larger services were attacked a few years prior, during a period in which security wasn’t taken as seriously or wasn’t implemented properly. Many of the records from the Myspace and AdultFriendFinder breaches were stored using weak hashing algorithms or in plaintext, suggesting a lack of encryption at the time.
But not to be overshadowed, the smaller breaches still add up. According to the research, half of the reported breaches exposed between one and 10,000 records.
Most of the hacks involved a remote SQL injection attack against faulty or badly configured websites, the report said.
The report said that a little under five percent of breaches were the result of malware, representing less than one percent of exposed records.
“Another ongoing issue continues to be misconfigured databases and other inadvertent web based disclosures as they exposed over 253 million records in 2016,” said Inga Goddijn, executive vice president of Risk Based Security.
Many of those exposed databases, including a leak of confidential military personnel data, a financial crime and terrorism database, and a leak exposing faults in the official account of an inmate’s death, were reported on ZDNet.
Risk Based Security said the number of reported breaches has exceeded 23,700, accounting for more than 9.2 billion records.