Report: 1.4b Records Exposed Last Year

In-brief: Almost 1.4 billion data records were exposed in 2016, many of them lost as a result of identity theft, the security firm Gemalto reported Tuesday.

Almost 1.4 billion data records were exposed in 2016, many of them lost as a result of identity theft. That, according to a report released by the firm Gemalto on Tuesday.

While there were fewer incidents of data theft in the past year, the number of records exposed increased by 86% over 2015 – the result of what Gemalto says is hackers targeting large data sets.

The findings were presented in Gemalto’s latest Breach Level Index, a report that culls public information from public sources, including news stories and other reports. Among the largest incidents of the last year: the breach of Adult FriendFinder, which exposed more than 400 million records. Also: an attack on the video sharing website Daily Motion, which exposed 85 million records.

Gemalto said that hackers are casting a wide net and “using easily-attainable account and identity information as a starting point for high value targets.” Top of the list of targets: companies in industries like entertainment and social media with large troves of user data.

Click this to view a full size version of the infographic from Gemalto’s Breach Level Index. (Image courtesy of Gemalto)

Identity theft was the leading type of data breach last year, accounting for 59% of all data breaches. That marked an increase from 2015 of around 5%. Account takeovers were the second most common form of attack, and were a part of 54% of recorded breaches. That was 336% higher than in 2015.

The healthcare industry was responsible for 28 percent of all breaches, though the number of compromised records in that industry declined by 75%, Gemalto found. Government networks were responsible for 15 percent of all breaches, while industries like technology saw a big jump (55%) in the number of incidents, Gemalto found.

The vast majority of incidents reported were in the U.S.: 1,433 out of 1,792 total incidents (80%). The UK was the country with the second most number of reports after the U.S., at just 108.

However, that may change in the coming years, as the EU’s new General Data Protection Rule (GDPR) standardized reporting requirements in member nations to require disclosure of data breaches in EU member nations as well as Australia. That, Gemalto said, will likely result in a spike in data breach reports from EU nations.

The report only notes incidents that occurred within the calendar year. As a result, data totals from serial breaches at Yahoo – which total more than a billion records, but which occurred prior to 2016 – are not included in the 2016 total.