The overall number of breaches fell in 2018, but the number of compromised records skyrocketed by 126%, according to the 2018 End-of-Year Data Breach Report.
The Identity Theft Resource Center tracked the data breach events of 2018 and published a 180-page report in which it found that the total number of records compromised last year was 446,515,334, up from 197,612,748 in 2017.
The study also found that “vulnerabilities in software platforms and human error and susceptibility to increasingly sophisticated phishing scams are exploited by individuals trying to steal information. As consumers, we need to protect our information when companies that house our data are the target of breaches.”
According to the report, the majority of 2018's 1,244 data breaches were the result of hacking, with the business sector suffering the largest number of breaches (571) and the healthcare sector not far behind (363).
“Attackers will use one of many techniques, such as account manipulation, bash history, brute force, credential dumping, registry-based credentials, forced authentication, hooking, input capture, kerberoasting, and keychain attacks and many more,” said Anthony James, chief strategy officer, CipherCloud.
Three major breaches exposed more than 100 million records. The Facebook data breach resulted in hackers gaining access to the tokens for 50 million accounts, while Google’s two data breaches impacted 53 million users.
“A security bug allowed third-party developers to access public user profile data since 2015. If a user gave permission to an app to access their public profile data, the bug also let developers pull non-public profile fields for the user and user’s friends including: full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status,” the report said.
In addition to user error, third-party vendors have significantly multiplied the risks that both consumers and businesses face, according to Colin Bastable, CEO of cybersecurity test and training company Lucy Security.
"The fewer moving parts we have between us and our data, the safer we are. By making login more convenient for users, for example by using Facebook, Google or another intermediary, organizations are exposing consumers to significant, chronic risk."