A research from Risk Based Security highlighted that the number of publicly reported data breaches declined in the last five years, while the number of records exposed increased four-times more than any previously reported incident in the first six months of 2020. The “2020 Mid-Year Data Breach QuickView Report” revealed that around 2,037 data breaches were publicly reported till June 30, 2020, accounting for a 52% decrease compared to the first six months of 2019, and 19% below the same time period for 2018.
According to the research, the main cause of data breaches in the first half of 2020 were misconfigured databases and services. Around 27 billion records were exposed between January 1 and June 30, 2020, which exceeds the total number of records exposed during all of 2019 by more than 12 billion records.
Inga Goddijn, Executive Vice President at Risk Based Security, said, “The striking differences between 2020 and prior years brings up many questions. Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? Perhaps most importantly, is this a permanent change in the data breach landscape?”
Who Was Breached?
The research stated that the information technology and health care sectors reported the most number of breaches in the first three months of 2020. “In the first three months of the year Health Care services was the leader with 106 reported breaches with the Information sector in second place with 104 reported breaches. The difference between these two sectors is how the breach experience is divided among the sub-groupings that make up these sectors. In Health Care, breach activity is evenly distributed between hospitals, practitioners, and other facility or support service providers. In the Information sector, approximately 85% of the breaches originate from software publishers (which includes Software-as-a-Service) and other web-based services,” the report said.
- The number of payment card details exposed in the first six months of 2020 surpassed 90 million records. Despite this, there were even more Social Security / national identity numbers, financial account numbers, and dates of birth exposed during this period.
- Four economic sectors (Information, Health Care, Finance & Insurance, and Public Administration) accounted for more than half (52.5%) of reported breaches.
- The information sector accounted for 14.5% of reported breaches, with software providers, hosting, and other online services accounting for 86.5% of the information sector breaches.
- The health care sector nearly matched the information sector, accounting for 14.3% of the reported breaches.