Before 2009, the majority of data breaches were the result of human error, such as misplaced hard drives and stolen laptops, or the efforts of “inside men” looking to make a profit by selling data to the highest bidder. Since then, the volume of malicious hacking (shown in purple) has exploded relative to other forms of data loss.
From Millions to Billions
Increasingly sophisticated hacking has altered the scale of data loss by orders of magnitude. For example, an “inside job” breach at data broker Court Ventures was once one of the world’s largest single losses of records at 200 million.
However, it was eclipsed in size shortly thereafter by malicious hacks at Yahoo in 2013 and 2014 that compromised over 1.5 billion records, and now larger hacks are increasingly becoming the norm.
Small But Powerful
The problems caused by hacks, leaks and other data breaches are not just ones of scale. For example, the accidental 2016 leak of information from spam/email marketing service River City Media stands out at an alarming 1.37 billion records lost. However, sorting by data sensitivity paints a different picture. The River City leak – represented by the larger blue dot below – is surpassed in severity by hacks at Yahoo, at web design platform Weebly, and even at adult video provider Brazzers.
Much of the data lost in the River City leak was made up of long lists of consumer email addresses to be used for spam email distribution, while the hacks listed compromised items like account passwords, banking information, addresses, phone numbers, or health records. While having your email address become the target for spam exploitation is a serious annoyance, the hacking of much more sensitive personal data has quickly become the norm.
The fact that more and more of our data is being stored “in the cloud” and among devices on the Internet of Things means that increasingly sensitive types of data are now more vulnerable than ever to being hacked. This looks to be even more cause for concern than the rapidly rising volume of records that have been exposed, whether intentionally or by accident.