2016 Data Breach Trends â Year In Review. Sponsored by: ...... Systems, Inc. .... User Name. NUM. Phone Number. IP. In
Data Breach QuickView Report
2016 Data Breach Trends – Year In Review
Sponsored by: Risk Based Security
Issued in January 2017
2016 Sets new records, once again …
Not Just Security, the Right Security. 1
• There were 4,149 breaches reported during 2016 exposing over 4.2 billion records – approximately 3.2 billion more records than the previous all time high exposed in 2013. • Top 10 breaches (9 Hacks1 and 1 Web) exposed a combined 3 billion records. • Top 10 Severity scores averaged 9.96 out of 10.0. • The Business sector accounted for 51% of reported breaches, followed by Unknown (23.4%), Government (11.7%), Medical (9.2%), and Education (4.7%). • The Business sector accounted for 80.9% of the number of records exposed, followed by Unknown (13.1%), Government (5.6%), Medical (.3%), and Education < .1%. • 53.3% of reported breaches were the result of Hacking, which accounted for 91.9% of the exposed records. • Malware accounted for 4.5% of the reported breaches, but represented just 0.4% of the records compromised. • Breaches involving U.S. entities accounted for 47.5% of the breaches and 68.2% of the exposed records. • 37.2% of the breaches exposed between one and 1000 records, 50.4% of breaches exposed between one and 10,000 records. • 256 breaches involved Third Parties. • Ninety-four (94) breaches in 2016 exposed one million or more records. • Six (6) 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches. • In December 2016, Yahoo reported the single largest breach ever disclosed, impacting over 1 billion records. • The number of reported breaches tracked by Risk Based Security has exceeded 23,700, exposing over 9.2 billion records.
See page 16 for definitions 1 | Data Breach Intelligence Copyright © 2017 Risk Based Security, Inc. All rights reserved.
Table of Contents 2016 COMPARED TO THE PRIOR FOUR YEARS .................................................................................. 3 2016 BY INDUSTRY BY MONTH ...................................................................................................... 3 2016 ANALYSIS BY BREACH TYPE ................................................................................................... 4 2016 DATA BREACH ANALYSIS BY THREAT VECTOR ........................................................................... 5 2016 EXPOSED RECORDS BY THREAT VECTOR .................................................................................. 5 2016 ANALYSIS BY DATA FAMILY ................................................................................................... 6 2016 PERCENTAGE OF BREACHES EXPOSING DATA TYPES VS. 2015 ..................................................... 6 2016 ANALYSIS OF RECORDS PER BREACH ....................................................................................... 7 2016 - BREACH TYPES/RECORDS EXPOSED – TOP 5 .......................................................................... 8 2016 ANALYSIS BY COUNTRY ......................................................................................................... 8 2016 ANALYSIS BY COUNTRY – TOP 10 ........................................................................................... 9 2016 EXPOSED RECORDS BY COUNTRY – TOP 10 .............................................................................. 9 2016 ANALYSIS OF US STATE RANKINGS ....................................................................................... 10 2016 BREACHES INVOLVING THIRD PARTIES ................................................................................... 11 2016 REPEAT OFFENDERS ........................................................................................................... 12 2016 – BREACH SEVERITY SCORING .............................................................................................. 12 2016 – BREACH SEVERITY SCORES ................................................................................................ 12 2016 – BREACH SEVERITY SCORES – TOP 10 .................................................................................. 13 TOP 20 BREACHES ALL TIME (EXPOSED RECORDS COUNT) ................................................................ 14 METHODOLOGY & TERMS ........................................................................................................... 16
2 | Data Breach Intelligence Copyright © 2017 Risk Based Security, Inc. All rights reserved.
2016 Compared to the Prior Four Years
Number of Incidents by Year 5,000
4,326
4,500 4,000 3,500
4,281
4,149
3,275
3,334
3,000
Number of Records Exposed (in millions) by Year
2,612
2,500 2,000 1,500 1,000
1,106
1,095
2013
2014
822
525
500 2012
2013
2014
2015
2016
2012
2015
2016
2016 by Industry by Month
2016 Distribution of Incidents by Industry, by Month 500 400 300 200 100 0 JAN
FEB
MAR
APR Business
MAY Government
JUN
JUL
Medical
AUG Education
SEP
OCT
NOV
DEC
Unknown
2016 Distribution of Exposed Records by Industry, by Month 100.0% 80.0% 60.0% 40.0% 20.0% 0.0% JAN
FEB
MAR
Business
APR
MAY
Government
JUN Medical
JUL
AUG Education
SEP
OCT
NOV
Unknown
3 | Data Breach Intelligence Copyright © 2017 Risk Based Security, Inc. All rights reserved.
DEC
2016 Analysis by Breach Type 2016 Incidents - Top 10 Breach Types 0
1000
2000
Hacking
3000 2213
Skimming
Hacking continues to dominate as the leading breach type, with SQL injection a predominant method utilized. Stolen laptops, once a leading cause of data compromise, accounted for only 67 (1.6%) of incidents in 2016.
482
Phishing
203
Virus
185
Web
167
Lost, Missing, Stolen Hardware/ Devices
137
FraudSe
133
Lost, Missing, Stolen Documents
128
Unknown
120
eMail
105
2016 Records Exposed by Breach Type 0.0%
20.0%
Hacking
Web
40.0%
60.0%
80.0%
100.0%
92.5%
6.0%
Unknown
1.2%
Virus
0.4%
Misconfigured databases and other inadvertent web based disclosures exposed over 253 million records in 2016.
4 | Data Breach Intelligence Copyright © 2017 Risk Based Security, Inc. All rights reserved.
2016 Data Breach Analysis by Threat Vector 2016 Number of Incidents by Threat Vector 3226
Outside Inside-Accidental
313
Inside-Unknown
242
Inside-Malicious
206
Unknown
162 -
Only 18.3% of incidents were the result of insider activity
500 1,000 1,500 2,000 2,500 3,000 3,500
2016 Exposed Records by Threat Vector Threat Vector Outside Inside-Accidental Inside-Malicious Inside-Unknown Unknown Total
Records Exposed 3,819,637,019 87,888,518 2,295,432 121,425,860 250,548,979 4,281,795,808
56.3% of incidents originating from malicious insiders had no confirmed record count, while 39.3% of incidents originating from insider accidents had no confirmed count
Top 10 Breaches – Data Types and Severity Scores2 Breach Type
Data Type3
Records Exposed
Percentage of Total Exposed
Hack Hack
1,000,000,000 500,000,000
23.35% 11.68%
DOB/EMA/MISC/NAA/NUM/PWD DOB/EMA/MISC/NAA/NUM/PWD
10 10
Hack
412,214,295
9.63%
EMA/IP/MISC/PWD/USR
10
Hack Hack
360,213,024 203,419,083
8.41%
10 10
Hack
154,000,000
4.75% 3.60%
EMA/PWD/USR ADD/DOB/FIN/MISC/NAA/NUM ADD/EMA/MISC/NAA/NUM
10
127,343,437
2.97%
DOB/EMA/NAA/PWD/USR
9.70
Hack Web
98,167,935 93,424,710
2.29% 2.18%
EMA/MISC/PWD/USR ADD/DOB/MISC/NAA
9.59 9.82
Hack
93,338,602
2.18%
EMA/NAA/NUM/PWD
10
Hack
Severity Score
The top 10 breaches exposed 3,042,121,086 records, or 71% of the total records exposed in 2016
2 3
See page 13 for additional detail on these incidents. See page 17 for a description of abbreviations. 5 | Data Breach Intelligence Copyright © 2017 Risk Based Security, Inc. All rights reserved.
2016 Analysis by Data Family
Data Family Electronic Physical Unknown
Percentage of Total Breaches 2015 89.5% 7.1% 3.0%
Percentage of Total Exposed Records 2015 99.6%