The number of data breaches increased more than 400 percent in 2018 exposing almost 15 billion records, according to the identity intelligence company 4iQ.

The company’s annual report confirmed 12,440 new breaches, a 424 percent increase compared to 2017, and of the 14.9 billion records compromised, 3.6 billion were confirmed real and exposed for the first time and were not part of an earlier breach. Government agencies were fastest growing target suffering a 291 percent increase in data breach incidents and the United States and China were home for 47 percent of all breached records, 4iQ found.

The bit of good news is the size of an individual breach shrank averaging 216,884, almost five times smaller than in 2017.

The 14.9 billion raw records found in 2018 was up from the 8.7 billion breached in 2017.

The breaches noted in the report are not all that occurred worldwide during the year, but just those spotted and confirmed by 4iQ.

The report noted a new trend is the repackaging of username and password databases into “Combo Lists”. These lists contain thousands of cleartext credentials.

“The data is used to automate brute-forcing of authentication on websites, taking advantage of the fact that people reuse passwords across many sites,” the report stated.

The report also showed that in most cases cybercriminals did not have to put forth an effort to find records. Sixty-three percent of the records were exposed accidentally, generally through misconfigured or open servers. This combined with the use of automated crawlers that can search out these treasure troves of information greatly added to the total number of records captured, 4iQ said.

4iQ also tallied the top 10 biggest breaches of 2018:

  1. Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
  2. Aadhaar, India – (Open third party device) 1.1 billion people affected
  3. Marriott Starwood Hotels – (Hacked) 500 million guests PII
  4. Exactis – (Open device) 340 million people and businesses.
  5. HuaZhu Group – (Accidental Exposure) 240 million records
  6. Apollo – (Open device) 150 million app users.
  7. Quora – (Hacked) 100 million users.
  8. Google+ – (API Glitch) 52.2 million users.
  9. Chegg – (Hacked) 40 million accounts
  10.  Cathay Pacific Airways (Targeted attack) 9.4 million passengers.