Breach, Data Security

Breach index: Mega breaches, rise in identity theft mark 2014

A global study found that more than one billion records were compromised in data breaches last year.

According to Gemalto's Breach Level Index (PDF) published Thursday, more than 1,500 data breaches in 2014 accounted for the whopping incidence of records stolen or lost. Between 2013 and 2014, the number of data breaches worldwide increased 49 percent, while the number of records involved in such incidents spiked 78 percent. SafeNet, which previously released the BLI reports, was acquired in January by Gemalto.

Some of the U.S. mega breaches noted in the report were those experienced by Home Depot (impacting 109 million records), JPMorgan Chase (83 million records) and eBay (145 million records) last year.

Gemalto called attention to Sony Pictures Entertainment's breach involving 47,000 records, which wasn't nearly as big in scope regarding records exposed, though still "notable" as it was “one of the most highly publicized hack attacks ever, garnering much attention because the U.S. federal government blamed the incident on North Korean hackers,” the report said.

After analyzing the motivations of cybercriminals targeting organizations, Gemalto found that the majority of breaches last year, 54 percent, were identity theft-based.

“Organizations were hit with 827 of these attacks, which accounted for more than half of the total,” the report said. “That's up dramatically from just 20 percent in 2013, which should be a concern for security operations.”

Tsion Gonen, vice president of strategy for identity and data protection at Gemalto, spoke to in a Friday interview about the “dramatic increase” in identity theft-based breaches.

“The identity theft element itself is very interesting,” Gonen said. “Credit card data was the highlight before [for attackers], but I think what we are seeing is attackers trying to find the most valuable piece of information they can use later on. Financial organizations became very edgy with their finger on the trigger when it comes to fraud alerts – so that window of opportunity to use [credit card] information goes down dramatically,” Gonen explained.

Breaches where cybercriminals were motivated to access financial data, however, were the second most common type of attack last year, the report found. In 2014, 17 percent of breaches (261 incidents) were aimed towards financial access. The year prior, however, those attacks accounted for 50 percent of breaches.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.