sb-as logo
Story image

Q1 2020 sees more data breaches than ever before

Breaches and leaks of sensitive data on a large scale are becoming more common as the cyberthreats ramp up in 2020, with the number of breached records globally surging by 273% in Q1 2020 compared to the prior-year period.

That’s according to research from Atlas VPN, which also found that a total of 8.4 billion individual documents have been leaked in the first three months of this year alone – many of which were concentrated in 11 specific breaches, in which each breach exposed more than 100 million records.

This huge number of breaches represents a record high for a first-quarter – the only other year which came close was Q1 2017, in which 3.4 billion records were exposed.

For some perspective, the total number of records exposed in the first quarters of the years from 2013 to 2019 totalled to 8.05 billion – meaning that total is still not as high as Q1 2020.

According to the research, the majority of the exposed data originated from a single unprotected ElasticSearch server, from which over 5 billion records were exposed, including emails and passwords from services such as Adobe, Twitter, LinkedIn and Tumblr, among others.

There were 1,196 individual data leaks in Q1 2020, according to publicly available data, of which almost 40% happened in the United States.

However the data may be skewed as the disclosure requirements in the US are strong compared to other countries, meaning thousands of leaks may be happening across the world without being reported.

And even if the leaks are reported, as many as 42.06% do not have an identifiable source – meaning an unsecured cloud or similar servers containing users’ information was discovered, but nobody knows where it came from.

According to the research, 70% of all breaches result from phishing scams. Instances of phishing have skyrocketed in the era of COVID-19, as attackers take advantage of remote workers not having the protection they usually enjoy while on-premise.

Atlas VPN says that the IT sector was the hardest hit in terms of breaches in Q1 2020 – breaches more than doubled when comparing the quarter to the same time in 2019.

Following IT, the manufacturing and healthcare sectors were next on the list of breach increases between years. The healthcare industry is especially vulnerable because of its widespread use of outdated technology, as well as the fact that the industry is underfunded in many countries. 

Reports show that over 56% of devices operating in the health sector are still running on Windows 7, while 27% of medical devices are still operating on Windows XP or decommissioned versions of Linux OS.

Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Download image
Enterprise leaders discuss what makes up networking infrastructure
NFV is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More
Story image
NVIDIA backs the future of hardware-based zero trust security
Check Point’s Infinity NEXT architecture will support NVIDIA DPUs by providing zero trust security. More
Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More