1 Billion Data Records Compromised By 1500 Hacks Last Year

Media Division | February 13, 2015

According to a new research, more than 1 billion data records were stolen from more than 1,500 hacks in 2014. The findings from the enterprise security firm Gemalto indicates a significant yearly increase in data theft and corporate breaches. 49 percent was the increase in data breaches, while the loss or theft of data records increased by 78 percent on the prior year.

54 percent of the breaches included attacks on personal data such as credit card information and social security numbers, which was a 23 percent increase from 2013. Less than 4 percent of identity hacks were of partially encrypted data, so the outcome was that encryption of data is more important than ever, but many organizations are not doing this effectively.

The recent attack on health insurer Anthem highlights the lacking of data encryption among major organizations, where 80 million social security numbers were accessible because the organization failed to encrypt them to protect the identity of consumers.

“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” Jason Hart, vice president of cloud services, identity and data protection at the reporting firm informed The Wall Street Journal.

Security flaws were highlighted after a chain of high-profile attacks on retailers and banks. The US suffered two of the largest breaches in its history when data records at retailer Target and banking institution JPMorgan Chase were compromised. Then the Anthem attack meant the concerns have been carried over to 2015.

The report also reveals that most of the motives were based on identity theft rather than financial gains. Data breach attacks on personal information, like social security addresses and credit cards, accounted for 1/3 of the most severe security breaches, according to a ranking on the threat level index provided by the reporting firm.

The main targets of data breaches are financial institutions and retailers that store consumer payment details, without effective tokenization or encryption to protect them.

The Obama administration is doing its best to combat theft and data breaches. The White House also announced plans to create an organization that analyzes cyber-crime intelligence data. Public center and government organizations became targets 17 percent of the time, and involved compromise of roughly 50 million data records.

That said, organizations themselves can take measures to protect consumer identity. The first appropriate measure would be to have a strict encryption policy for consumer data residing in network and systems. They should incorporate the nation-wide standard when it comes to encryption i.e. asymmetric key encryption (AES), also called public key encryption. The AES encryption should be implemented with 256 bits for better protection of sensitive data.

Integration of threat intelligence feeds will help organizations mitigate data breaches and prevent theft of information in case encryption fails. These feeds can protect data from botnet and malware based attacks as well as POS attacks. For retailers, this is an ideal security implementation as it provides immediate alerts of compromised point-of-sale terminals as well as profiles of vulnerable merchants, and the kind of data that was attacked in POS terminals.

Data breaches are expected to continue in 2015, so organizations need to uptight their security as soon as possible to avoid a repeat of last year.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.