Future tense

During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of 202, more than 818 million data sets.

Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices.

From vulnerable Artificial Intelligence (AI) platforms to poor data security protocols, bad actors exploit these vulnerabilities, stealing consumer data and using it for monetary gain or other illegal purposes.

Certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw 495 reported data breach incidents with confirmed data loss. The second were financial institutions, with 421 data breach cases, followed by healthcare providers.

Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was USD 4.45 million (US). Meanwhile, a leaked data record cost about USD 165. The United States saw the highest average breach cost globally, at USD 9.48 million.

With data breaches having increased in recent months, businesses are being advised to remain extra vigilant.

Telecom firm BT revealed in 2023 that more than 46 million cyberattack signals are seen on average every day worldwide, which serves as a reminder that these threats are inevitable. Therefore, what matters is organisations have strong enough cybersecurity measures and disaster frameworks in place to mitigate the impact of malicious activity.

By implementing threat detection and response strategies, businesses have a much higher chance of protecting valuable data or recovering more easily from a breach.

India was recently ranked fifth among the most breached countries in 2023 with a staggering 5.3 million leaked accounts. This places India in the company of nations such as the United States, Russia, France, and Spain, an analysis conducted by Surfshark has revealed.

The United States topped the list, facing 32 per cent of all breaches globally, amounting to almost 100 million breached online accounts in 2023. This marked a jump from its third-place ranking in 2022. Russia followed closely in second place, with France, Spain, and India rounding out the top five.

Despite India’s high ranking, there is some positive news: the breach rate in the country decreased by 56 per cent compared to 2022, resulting in an 18 per cent decrease in data breaches globally.

In 2022, India was ranked seventh on the list of breached countries, with 12.3 million accounts compromised. This suggests a significant improvement in cybersecurity efforts within the country over the past year.

LinkedIn emerged as one of the major platforms affected by data breaches, with almost 11.5 million emails leaked due to the scraping of publicly available information. Other platforms, particularly in Russia, also experienced substantial breaches, with millions of email accounts compromised.

Overall, there was a positive trend in data breaches globally, with a 20 per cent decrease in affected accounts compared to 2022. However, despite this improvement, 300 million users worldwide still experienced breaches, highlighting the ongoing challenges in cybersecurity.

In individual cases, data breaches may be caused by someone’s devices getting lost, infected with malware, or personal data becoming available to unauthorised parties in any other way. Organisations experience data breach incidents in various scenarios. For example, threat actors attack the company with the intent of stealing sensitive information. The second-most frequently encountered scenario is an unintentional error by an insider. The next common case is when a malicious insider accesses confidential and sensitive information. Data breaches can also happen because of lost or stolen assets. For example, theft or loss of a company device that contains confidential and sensitive information.

The loss of sensitive information can cost companies millions of dollars each year. The average cost of a data breach incident across companies worldwide is USD 4.45 million. This includes detection, business losses, post-breach response and notification. Among these, the detection and escalation of the data breach was the costliest segment.

Threat actors usually try to target the most sensitive information. In 2023, more than 52 per cent of all data breach incidents in global organisations involved customer Personal Identifiable Information (PII), thus making it the most frequently breached type of data. Roughly four in 10 data breaches involved employee personal identifiable information. Furthermore, 76 per cent of social engineering attacks resulted in the loss of credentials, with financial and insurance companies encountering the highest share of breached credentials.

Data breach incidents most frequently target financial and healthcare institutions. The reason for this is straightforward as banks and insurance companies store a huge amount of sensitive data and financial resources, and healthcare institutions have a critical mission while also collecting sensitive information.

When a data breach incident is reported, the data privacy watchdogs immediately start investigating the case. If they find evidence that the company violated the privacy regulations, they issue a corresponding fine.

According to the Cybernews tool’s findings, in 2023, 3,336 websites were breached in the 10 most-breached countries — 19 per cent less than the 4,138 breached websites in 2022. To get a feel for the scope, there was an average of 278 successful website breaches per month in 2023 in the 10 most-breached countries.

“Threat actors can steal email addresses, passwords, credit card numbers, and other data from companies, buy personal data on darknet marketplaces, or steal it directly from you as part of a hack. Even with a small amount of leaked data, malicious actors can steal other credentials, try to use the data for phishing attacks, spam or even ruin a person’s finances or reputation,” Cybernews Head of Security Research Vincentas Baubonis has been quoted as saying.

The USA and the UK remain amongst the most targeted countries in the world. Personal data leak checker statistics show that the five most breached countries in 2023 were the United States, the United Kingdom, France, India, and Canada. It’s important to note that this list of the top 10 countries breached in 2023 is made according to the number of breached websites, not breached accounts, in each country.

The country that has been most targeted over the past two years is the United States. Despite that, we see a positive trend overall, as the number of breached websites and accounts decreased in 2023. The number of breached websites decreased by almost 13 per cent and breached accounts by 19 per cent.

The number of breached accounts has also fallen in the United Kingdom from 1.9M to 1.25M, and successful attacks on websites have been reduced by 18 per cent.

However, there is some light at the end of the tunnel. In France, the number of breached websites fell by almost 18 per cent, and 88.6 per cent fewer accounts were breached in 2023 compared to 2022.

Meanwhile, in 2023, 524K Canadian accounts were affected, a halved number from 2022, leaving Canada the fifth most breached country on the list.

In tenth-ranked Brazil, the number of breached websites dropped by 19 per cent. Breaches of Indian accounts fell from 10M to slightly more than 3M. Compared to 2022, Germany dropped to 6th from 4th place in the top 10 list. Meanwhile, Colombia rose from 13th to 8th place with 311 breached websites in 2023.

Decreasing numbers are seen in all 10 countries on the list, except for Spain. Although the number of breached websites decreased, the number of breached user accounts grew by slightly more than 19,000 in 2023 compared to 2022.

According to Baubonis, online breaches are usually followed by certain suspicious activity that users should treat as warning signs that one or more of their accounts have been breached.

“You could start getting more spam messages than usual, receiving two-factor authentication notifications on mobile devices or password reset notifications. If you notice one or more of the warnings mentioned above, change the password for all your accounts that use the compromised email address. Also, get a reliable password manager to generate strong passwords and use two-factor authentication (2FA),” the researcher recommends.

Each US citizen has lost an average of 37 data points due to breaches since 2004. The most common leaks involve names, passwords, and compressed data formats, totalling over 12.5 billion data points compromised.

Data breaches in Russia have compromised over 4.3 billion data points, including personal details like names, phone numbers, last names, and passwords. A notorious 2019 case involved the black-market sale of personal information from 60 million Sberbank credit card holders.

China has seen roughly 2 billion data points exposed, including names, IP (internet protocol) addresses, usernames, encryption passwords, and passwords, totalling around 2 billion. A significant data leak in March 2019 compromised the data of 364 million WeChat and QQ users.

France has experienced over 1.4 billion data breaches, exposing information, such as birthdates, encryption passwords (password hashes), usernames, and passwords. One of the biggest cases was a ransomware attack targeting insurance giant AXA in May 2021.

India has also seen over 1.2 billion data leaks, exposing information, such as names, phone numbers, and passwords. Several major companies have been targeted by cybercriminals, including the Aadhaar database, BigBasket, Air India, Dominos, and State Bank of India.

The UK has suffered over 1.06 billion data leaks, compromising names, usernames, and passwords. A major cyberattack hit electronics retailer Dixons Carphone in July 2017, resulting in the loss of 14 million personal records and 5.6 million payment card details.

Germany has experienced nearly 1 billion data breaches, exposing information like IP addresses, usernames, and passwords. In August 2019, German authorities in the state of Hessen apprehended the hackers responsible for the country’s biggest data leak on December 1-28, 2018, involving the theft of hundreds of politicians’ personal data, such as mobile phone numbers, personal chat histories, and credit card details.

Canada has surpassed 621 million data breaches, compromising personal information while a significant cyberattack on Desjardins Group in June 2023 resulted in the disclosure of data from 4.2 million customers.

Views expressed are personal