A global study found that more than one billion records were compromised in data breaches last year.
According to Gemalto's Breach Level Index (PDF) published Thursday, more than 1,500 data breaches in 2014 accounted for the whopping incidence of records stolen or lost. Between 2013 and 2014, the number of data breaches worldwide increased 49 percent, while the number of records involved in such incidents spiked 78 percent. SafeNet, which previously released the BLI reports, was acquired in January by Gemalto.
Gemalto called attention to Sony Pictures Entertainment's breach involving 47,000 records, which wasn't nearly as big in scope regarding records exposed, though still "notable" as it was “one of the most highly publicized hack attacks ever, garnering much attention because the U.S. federal government blamed the incident on North Korean hackers,” the report said.
After analyzing the motivations of cybercriminals targeting organizations, Gemalto found that the majority of breaches last year, 54 percent, were identity theft-based.
“Organizations were hit with 827 of these attacks, which accounted for more than half of the total,” the report said. “That's up dramatically from just 20 percent in 2013, which should be a concern for security operations.”
Tsion Gonen, vice president of strategy for identity and data protection at Gemalto, spoke to SCMagazine.com in a Friday interview about the “dramatic increase” in identity theft-based breaches.
“The identity theft element itself is very interesting,” Gonen said. “Credit card data was the highlight before [for attackers], but I think what we are seeing is attackers trying to find the most valuable piece of information they can use later on. Financial organizations became very edgy with their finger on the trigger when it comes to fraud alerts – so that window of opportunity to use [credit card] information goes down dramatically,” Gonen explained.
Breaches where cybercriminals were motivated to access financial data, however, were the second most common type of attack last year, the report found. In 2014, 17 percent of breaches (261 incidents) were aimed towards financial access. The year prior, however, those attacks accounted for 50 percent of breaches.