Number of breached records surged by 273% in 2020 Q1

Edward G. | May 18, 2020

According to Atlas VPN investigation, the number of breached records globally surged by 273%, when comparing 2019 Q1 to 2020 Q1. During the first three months of 2020, over 8.4 billion documents got leaked

The number of hacked or accidentally exposed files reached a record-high during the first quarter of 2020. The second year in terms of number of records leaked in Q1 is 2017, which had over 3.4 billion records exposed.

This year, most of the exposed data came from a single unprotected ElasticSearch server, containing over 5 billion records. The data contained emails and passwords from services such as Adobe,, Twitter, LinkedIn, Tumblr, VK.

During the first quarter of 2019, the number of breached records reached 2,264 million. Comparing the first quarters of 2019 and 2020, the number of leaked sensitive files jumped by 273%.

From 2013 to 2019, the combined number of breached records in the first quarters is 8,058 million. Meaning, combining the first quarter breaches from 2013 to 2019 still does not equal the amount of data exposed in 2020.

Researchers found that in 2020 Q1, eleven data breaches exposed more than 100 million records each. Five other cases exposed between 10 and 99 million sensitive details of users worldwide.

Not only do scammers steal accounts but they also carry out advanced phishing scams. Users are more likely to download an attachment if the email comes from a trusted person or an organization.

Moreover, the email can contain links to phishing websites mimicking real ones. Since the email came from a trusted source, the users have their guard down and are tricked into giving their sensitive information, including credit card details.

This might seem like a lot of work for fraudsters, but as more people are aware of online threats, cybercriminals evolve in their scamming methods.

Due to the increased cybercriminal activity, as of 2019, the World Economic Forum considers cyber-attacks among the top five risks to global stability.

Breaches by region

According to the publicly available data, in Q1 of 2020 globally, there was a total of 1,196 individual data leaks. Out of these, almost 40% happened in the US.

It has to be noted that companies in the US have strong disclosure requirements, which means that a big part of the leaks is being reported. This is not the case in many other countries.

In contrast, as many as 42.06% of data leaks do not have an identifiable source. Meaning, an individual or organization discovered an unsecured cloud or similar servers containing users’ information, and nobody knows where it came from.

There are two main ways data leaks are found. The first one is the method mentioned previously, where someone discovers an unprotected data source online.

The second one is when hackers infect a companies network and steal the data. Then, fraudsters either sell the data on the dark web or demand ransom from the company to delete the stolen records. Sadly, many companies pay the ransom, encouraging hackers to search for yet another victim.

Phishing scams still take up the majority of the initial intrusions. Research shows, insiders who fell victim to phishing scams cause seven in ten breaches.

People in the company either clicked on a malicious link or downloaded an attachment that contained malware and subsequently caused a data breach.

Breaches by sector

The most significant change in the number of breaches comparing the first quarters of 2019 and 2020, happened in the information sector. The information sector comprises companies that produce computer software, hardware, provide internet, or similar services.

The information industry is a rapidly growing part of the economy. In just one year, the information sector breaches more than doubled.

The following sectors with the most breach increases per year are manufacturing - 74.19%, and healthcare - 70.97%.

The healthcare industry has been a target for cybercriminals for quite some time. Also, the number of targets increased dramatically due to the COVID-19 pandemic. Unfortunately, the healthcare sector is susceptible to cyber-attacks since 83% of healthcare systems run on outdated software.

Reports show that over 56% of devices operating in the health sector are still running on Windows 7. In addition, 27% of medical devices are still operating on Windows XP or decommissioned versions of Linux OS.

These operating systems no longer receive essential security updates or bug fixes, meaning, devices become vulnerable to various security threats.

At the other end of the spectrum, we see hospitality services. The number of breaches in the sector decreased by 86.11%. This could, in part, be attributed to the pandemic. From the start of March, most hospitality services worldwide had to close their doors to visitors due to quarantine.

Edward G.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.



© 2023 Atlas VPN. All rights reserved.