- Reported breaches rose 54% this year compared to midyear 2018, surpassing 2016 as the "worst year on record," according to a RiskBased Security research on data breaches that occurred during the first six months of 2019.
- Eight breaches exposed more than 3.2 billion records, accounting for nearly 80% of the compromised records so far this year. This year, most reported breaches had a low to moderate impact, exposing 10,000 records or less.
- Even though data leaks expose less than 230 records on average, their frequency contributed to the 52% spike in compromised records from last year.
For customers that have to deal with the cleanup of a data breach, it doesn't matter if millions of other consumers were compromised alongside them.
Tens of thousands of MoviePass customers' credit and debit card numbers and personal data were left open on an unprotected server, TechCrunch reported Tuesday. A security researcher informed the movie ticket subscription company of the vulnerable database, which held millions of other records and continues to grow in real time.
"Technically, this breach can be interpreted as the company giving away customer data for free," said Kevin Gosschalk, CEO of Arkose Labs, in an emailed statement to CIO Dive. Mishandling security controls contributes to bad actors' most favorable method of breaches: locating companies with open or vulnerable databases.
Since January 2018, unauthorized access of systems or services, skimmers and unintentional exposure of personal data on the internet account for the top three types of breaches, according to the RiskBased Security. Malicious insiders also contributed to nearly 7 billion exposed records in the last 18 months.
Non-malicious insider threats are more common. Insiders unintentionally mismanage security controls, which can result in open servers, as seen with MoviePass.
Capital One and Equifax had issues with web application configurations; a relatively simple mitigation would have protected them from unwanted intruders. When hackers can find vulnerable companies that house data as a third party, it amplifies the risk for the primary business.