Data leaks surge by 1,453% in 5 years to a record 36 billion cases in 2020 alone
With a global pandemic, devastating wildfires, racial tension, and political divide, it is not surprising that 2020 was named the most challenging year in the past decades. The year has been grim for data privacy as well, with leaked personal data records reaching numbers the world has never seen before.
Atlas VPN analysis based on Risk Based Security data reveals that exposed data hit a record 36.1 billion records in the first three quarters of 2020. The number of data records leaked this year is more than two times higher than in the entire year of 2019 and makes up more than half (51%) of all exposed data in the past five years.
The first three quarters of 2020 saw a 332% increase in leaked data records compared to the same period last year when 8.35 billion records were exposed. Looking at the historical data, leaked data records surged by a whopping 1,453% from 2.33 billion through Q3 in 2016 to 36.1 billion in 2020.
The number of leaked data records had already hit an all-time high in the second quarter of this year. However, the three months of Q3 added another 8.43 billion records to the toll.
Let’s look at the data leak numbers quarter by quarter. From Q4 of 2019 to Q1 of 2020, leaked data numbers rose by 24%, from 6.84 billion to 8.45 billion — the most records exposed in any Q1 period over the past five years.
In Q2, the number of leaked records increased again, spiking by 128% to a historical high of 19.23 billion. Finally, in Q3, the number of exposed data records dropped by 56% to 8.43 billion. Nevertheless, the number is still higher than in any Q3 period since 2015.
Leaked data records are on the rise, while data breaches are declining
The record-high number of records leaked this year is the result of 2,953 publicly reported data breaches. However, unlike leaked data records, data breaches dropped by 51% compared to the same period last year, when 6,021 breaches were reported.
The decrease in the number of breaches is caused by a general slowdown in the reporting of such events rather than an actual drop in breach activity. The global Covid-19 pandemic and remote work are likely among the primary reasons for such a change in reporting behavior.
We can still expect to see bigger numbers by the end of this year as lagging sources reveal additional information. However, data breach levels are unlikely to reach those of 2019.
Looking at the breach data on a quarterly basis, it is evident that more frequent data breaches do not always result in a more significant amount of records leaked. Yet, breaches are growing in severity, exposing more and more records every year.
The first three months of 2020 had the most data breaches this year (1,337), which caused 8.45 billion leaked records. One breach that happened due to a misconfigured Elasticsearch cluster alone exposed 5.1 billion records. Eleven data breaches were each responsible for leaks of more than 100 million data records.
While Q2 saw the fewest data breaches (848), these breaches resulted in the most records exposed (19.23 billion). The two largest breaches ever reported surfaced during the second quarter of 2020, accounting for more than 18 billion records put at risk.
Q3 had 768 breaches and 8.43 billion records leaked. Two breaches in the third quarter of 2020 exposed over 1 billion records each, while four breaches exposed over 100 million records per event.
The most commonly exposed data types are names (45%), emails (36%), and passwords (29%) — all the key information needed for accessing someone's account.
Hacks are the leading cause of data breaches this year, while misconfigured databases and services are the main reason behind a staggering number of records exposed.
The healthcare sector continues to suffer the most
While no economic sector is fully guarded against cyber breaches, some sectors suffered more than others.
The healthcare sector endured the most data breaches out of all economic sectors studied in the research in the first three quarters of 2019 and 2020. Through Q3 of 2019, the healthcare sector had 343 breaches, while in 2020, it faced 341 breaches, which account for 12% of breaches this year.
The healthcare sector has always been a target for cybercriminals. Unfortunately, it is also vulnerable as 83% of healthcare systems run on outdated software, and the Covid-19 pandemic has not made it easier to safeguard against cyberattacks.
The fast-growing information sector, including software creators, data processing, hosting, streaming services, and websites, was also highly targeted in 2020. It had 306 data breaches, which make up 10% of all breaches through Q3 this year. The number rose by 31% compared to the same period last year when 234 breaches happened.
Occupying the third spot in the list is the financial and insurance sector, with 274 breaches within the first three quarters of 2020 accounting for 9% of total violations this year. The financial industry is highly lucrative for cybercriminals. Therefore, data breaches affecting the sector were almost as high last year when 263 breaches were detected.
Overall, this year saw a rise in data breaches across the majority (65%) of sectors. However, healthcare, public administration, education, real estate, and hospitality organizations saw a slight decline in data breaches.
Additionally, there was a significant drop in data breaches affecting the retail sector as well as the mining and extraction sector. Through Q3 of 2019, the retail sector had 307 data breaches, while in 2020, the number plummeted by 42% to 178 breaches.
In the meantime, within the first three months of 2019, the mining and extraction sector faced 32 data breaches, while in 2020, the number dropped more than threefold to 10 breaches.
The least affected sector both years remains agriculture. In the first three quarters of 2020, it experienced merely 3 successful data breaches. In the same period last year, the number stood at only 1.
Tips on protecting your organization from data breaches
No organization wants to learn that its client data has been breached or, worse, leaked. However, there are some precautions businesses can take to minimize the chances of data breaches happening.
Use third-party intelligence and pen-testing services - It is crucial to identify the existing vulnerabilities in your system so they can be eliminated before hackers have an opportunity to exploit them. This is where third-party intelligence and pen-testing services can help, as they can test your systems from a hacker's point of view, allowing you to detect and resolve any dangerous flaws.
Educate employees - Even if all of your systems are secured, the effort can be for nothing if your employees are not on the same page about cybersecurity practices. Test your employees' security awareness with cyberattack simulations. It will help educate them on what cyberattacks may look like and keep them vigilant at all times.
Regularly patch and update software - Always update the software you use as soon as the option is available. Up-to-date software has the latest security patches, making it harder for cybercriminals to take advantage of any system vulnerabilities.
Use multi-factor authentication everywhere - If you only need a username and a password to access a certain system, it is not protected enough. Enable multi-factor authentication where possible to reduce the likelihood of unauthorized access.
Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.