Nearly 2 billion files containing the personal data of US citizens were leaked last year—and that number could be significantly underreported.
In 2017, a total of 551 breaches affected organizations, with over 1.9 billion files leaked, according to research from Citrix ShareFile.
Using data collected from the Privacy Rights Clearinghouse and the 2017 Cost of Data Breach Study by the Ponemon Institute, in partnership with IBM Security, the analysis found that malicious hacking was the most common type of breach in 2017, 819 million files exposed. Unintended disclosure (such as cloud storage misconfigurations) and physical loss were found to be the second and third most common data leakage causes.
These numbers mean that 2017 had an unprecedentedly and far more severely impacted than previous years, but the concerning thing is that these figures don’t include data from companies that have either not disclosed the number of files affected or did not have access to that information.
Breaking down the results, the most targeted and vulnerable industry was healthcare, which recorded 328 leaks (nearly 60% of all leaks in 2017), at an estimated cost of almost $1.2 billion. Of these, 46% came through hacking or malware, 33% were a result of unintended disclosure, 18% came from physical loss, and a combined 4% came from insider leaks and portable devices. The Commonwealth Health Organization suffered the largest breach in healthcare in 2017, with 697,800 records reported to be compromised.
According to Citrix ShareFile, healthcare was targeted because personal data such as Social Security numbers and payment information is among the highest valued information for cybercriminals.
Other industries that were disproportionately affected by breaches include the technology sector (48 breaches, amounting to 1.8 billion files and an estimated cost of $1.2 billion), finance (40 breaches and 146 million records, at an estimated cost of $144.8 million) and retail (40 breaches representing 4.7 million records at an estimated cost of $144,800).
In the report, Charlie Porter, an agent at Farmers Insurance, explained that 2017 was “the worst in history for large-scale data breaches,” adding that the “effects of the incidents could take years or decades to deal with.”
“These figures show that despite organizations and individuals being more vigilant, businesses are facing more challenges than ever before as individuals exploit any possible vulnerability they can,” said Allyson Kuegel, customer security assurance analyst at Citrix. “In the technological era, people are more willing than ever to supply data, whether it is on personal social media accounts or through transactions they make. It is not just online, where companies face potential problems but also in ensuring their own organizations invest in the latest software and have effective internal protocols.”
She added, “The battle against cybercrime and data breaches will continue for a long time as hackers look to keep one step ahead of the latest security services.”