Top data breach trends in 2016

When news broke in December of a massive data breach at Yahoo, it was met with a collective “This, again? Didn’t they just report a breach?” The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records.

That pair of record breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly-released 2016 Data Breach Trends report, “six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches.”

By many measures, and not surprisingly, the data breach trend story for 2016 is one of explosive growth in the number of records exposed, from 822 million in 2015 to over 4.2 billion in 2016 — and “approximately 3.2 billion more records than the previous all-time high exposed in 2013.”

While the number of records exposed was far higher in 2016 than the year prior, the RBS report found that the total number of incidents declined from 4,326 in 2015 to 4,149 in 2016. Inga Goddijn, executive vice president of Risk Based Security, offered a couple of explanations for the decline in one measure and the growth in the other.

One explanation is that attackers were more targeted in their efforts. “[W]e also saw a number of successful targeted attacks using fairly straightforward methods, like the wave of phishing attacks targeting W2 data. Phishing is nothing new but scammers refined their approach — quite successfully — targeting HR personnel during the height of tax data preparation season. Over 100 companies and their employees were victims of this type of scam, resulting in data being used in fake tax return schemes,” said Goddijn.

Another explanation, however, is that year by year counts are inherently tricky and are as much an accident of categorization as anything. “This year, there were a handful of data thefts that occurred in prior years but only came to light in this year,” says Goddijn. “The two incidents at Yahoo are good examples. The first breach, impacting 500 million records, originated from an intrusion taking place at least as far back as 2014. The second event, compromising over 1 billion records, is believed to have resulted from an intrusion taking place in 2013 or possibly earlier. What is alarming about these types of events is that they were not detected earlier. In fact, the second, larger breach at Yahoo may not have been discovered at all had the first incident not triggered a deeper investigation.”


Phishing, skimming rise; hacking holds ground

In its 2015 report, RBS found that hacking was by far the top breach type, accounting for 2,540 incidents. Again in 2016 hacking took the top spot with 2,213 incidents, but it ceded some ground to other types of breaches.