February 10, 2015

Explore Biggest Data Breaches with Statistics

Interested in data breach statistics and information security?

An interactive chart compiles the World’s Biggest Data Breaches. Each breach is presented as a bubble (sized according to the size of the breach), and clicking on it provides the security breach news around the incident. Or, filter breaches by year, method of leak, or organization type.

Here is a look at the different methods of leaks - and security safeguards that may help.

Leak: ‘Accidentally Published’

A State of Texas employee goofed and published 3.5 million personally identifiable information records online. 

In fact, negligent employees are the greatest source of endpoint risk, according to Ponemon’s 2015 State of Endpoint Report.

Safeguards

  • Culture of security from the top down.
  • Comprehensive information security policy.
  • Document management procedures.
  • Regular security training for employees.

Leak: ‘Hacked'

In a massive American business hack, a hacking ring was able to steal 160 million credit and debit card numbers from various U.S. banks, payment processors and chains over several years.

The 2013 Cost of Cyber Crime Study: United States revealed there are 122 successful cyber attacks per week and 2 successful attacks per company per week.

Safeguards

  • All the latest prevention and detection tools (i.e., encryption, intrusion prevention tools, data loss prevention, patch management).

'Insider Job'

Someone at Court Ventures sold 200,000,000 personal records to a Vietnamese identity theft service.

Employees are the most cited culprits of cybercrime, according to the recent security breaches reported in the Global State of Information Security Survey 2015. Incidents attributed to service providers, consultants, and contractors are also on the rise.

Safeguards

  • Insider threat program.
  • Third parties must comply with privacy policies.
  • Personnel background checks.
  • Cross-organizational team to manage information security.
  • End-user privileges management.

‘Lost/Stolen Computer’

When a laptop was stolen from Starbucks, confidential information from 97,000 employees was breached.

Most of the IT security practitioners who participated in The Human Factor in Laptop Encryption: U.S. Study reported that someone in their organization lost or had a laptop stolen – and 71% of incidents resulted in a data breach.

Safeguards

  • Full disk encryption, anti-theft technology, and other security solutions.
  • Specific policy for the mobile workforce.
  • Employee training to protect laptops.

‘Lost/Stolen Media’

A lost U.K. Ministry of Defence hard drive resulted in a breach of 1.7 million Armed Forces Personnel confidential information.

Over one-quarter of large organizations and almost half of small businesses have no protocol for dealing with confidential information off site, according to Shred-it’s 2014 State of the Industry report.

Safeguards

  • Employee training emphasizing off-site information security procedures.
  • E-media and hard drive destruction policy so that all electronic storage devices are securely destroyed when no longer needed.

‘Poor Security’

Somehow 175,350 letters with sensitive member information visible through the envelope windows were mailed out by Accendo Insurance Co.

The total number of security incidents climbed to 42.8 million in 2014, according to the 2015 Global State of Information Security Survey. This was an increase of 48% over 2013.

Safeguards