375 MILLION CUSTOMER DATA RECORDS COMPROMISED IN 2014 – RETAIL INDUSTRY HIT HARDEST

Identity theft main reason for breaches and survey shows 40 per cent of consumers very unlikely to do business with breached companies

SafeNet, Inc., a global leader in data protection solutions, today released the highlights from its SafeNet Breach Level Index (BLI) for the second quarter of 2014. Between April and June of this year, there were a total of 237 breaches that compromised more than 175 million customer records of personal and financial information worldwide.  For the first half of 2014, more than 375 million customer records were stolen or lost as a result of 559 breaches worldwide.  The retail industry had more data records compromised than any other industry during the second quarter, with more than145 million records stolen or lost, or 83 per cent of all data records breached.  Less than one per cent of all 237 breaches during the second quarter were secure breaches where strong encryption or authentication solutions protected the data from being used.

SafeNet also announced the results of a global survey of more than 4,500 adult consumers in which nearly 40 per cent of respondents said they would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach.  This sentiment increased to 65 per cent if the data breach involved customers’ financial and sensitive information.

Q2 Highlights

The Breach Level Index provides details about hundreds of individual data breaches, which can be sorted by source, industry, risk level, and date. Highlights from the second quarter include:

• In each of the last four consecutive quarters, there has been one major data breach in which more than 100 million records were exposed.
• 175,655,228 records were stolen in the second quarter. This equates to 1,951,724 records stolen per day; 81,321 stolen per hour; and 1,355 records stolen every second.
• Malicious outsiders are targeting businesses’ most critical records. They are responsible for compromising 99 per cent of the records and 56 per cent of the incidents this quarter, more than any other source.
• Healthcare incurred 23 per cent of incidents, more than any other industry, but only accounted for 782,732 records lost or less than 1 per cent of all records stolen during the quarter.
• Identity theft was the leading cause of breaches with 58 per cent of all incidents and 88 per cent of records stolen.
• Encryption was used in only 10 of the 237 reported data breach incidents.  Of those, only two could be classified as secure breaches in which encryption restricted the access of stolen data.
• The U.S. accounted for 85 per cent of records compromised worldwide and 74 per cent of all reported incidents, more than any other country. Germany followed with 10 per cent of all records stolen.
• Three of the top five breaches were based in the U.S., with the other two breaches occurring in Europe.
• Government was the second least secure sector after retail, accounting for 11 per cent of all records that were lost or stolen. The Department of Veterans Affairs incurred the most breaches, having been hacked during each quarter of 2014.
• Financial services breaches decreased significantly from the first quarter, down from 56 per cent to less than one per cent of records stolen in the second quarter.

“Even amidst continued warnings about data security, the breach epidemic is trending in the wrong direction. 2014 has proven to be more of the same, with 379 million customer records stolen in the first six months alone,” said Jason Hart, VP Cloud Solutions at SafeNet. “While it’s not surprising that sophisticated cybercriminals are gaining access to critical data stores, what is surprising is that only one per cent of breached records had been encrypted. The benefits of encryption have been known for some time, but companies just aren’t doing it. It’s the security industry’s equivalent of flossing your teeth. Everyone knows it’s good for you and the technology is proven, but only a small percentage of companies do it well.”

About the Breach Level Index

The BLI provides a centralised, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly available breach disclosure information.

SafeNet first collaborated with industry analyst firm IT-Harvest in 2013 to develop the logarithmic formula used to determine breach severity. When calculating the severity of data breaches, the BLI factors in multiple inputs, including data type, number of records stolen, breach source, and if the high-value data remained secure after the breach was discovered. These inputs are then processed through a proprietary algorithm that produces an index number, with one (1) being least severe and 10 being most severe.

Resources

• Breach Level Index Executive Summary: http://breachlevelindex.com/pdf/Breach-Level-Index-Report-Q22014.pdf
• Breach Level Index website: www.breachlevelindex.com
• Secure the Breach website: www.securethebreach.com
• Secure the Breach Manifesto: www2.safenet-inc.com/securethebreach/downloads/secure_the_breach_manifesto.pdf
• Customer Sentiment Survey Summary http://www2.safenet-inc.com/email/2014/dp/GlobalCustomerSentiment/index.html