Data Breaches: Global History Stats

James Comey, the former director of the FBI, famously said: “there are two kinds of companies. Those that have been hacked and those that don’t know yet that they’ve been hacked.”

Comey’s statement speaks volumes about the rising number of crippling security breaches taking over the world. What’s worse is the growing motivation of hackers to acquire personal information and sell it on the dark web.

Read on as we explore data breach global history through statistics, risks, and costs. We hope this Nira guide will help you understand the importance of data security for your organization and your personal information.

What is a Data Breach?

A data breach is a cyberattack or online security incident where information is taken from a system without the owner’s authorization. Common cyberattack methods to carry out a data breach include malware, phishing, ransomware, and denial of service.

The stolen data can involve confidential, sensitive, or proprietary information, like trade secrets, personal details, credit card numbers, or matters of national security.

Here’s how the U.S. Department of Justice defines a breach:

“The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, access for an unauthorized purpose, or other unauthorized access, to data, whether physical or electronic.”

One of the biggest consequences of a data breach is the damage it does to the victim company’s reputation. The company’s customers and associates see the lack of security as a betrayal of trust, making it extremely difficult to win their confidence back–much like when customers of a bank that has been robbed choose to move their money elsewhere.

The other impact is the more obvious financial loss. Hundreds of millions of dollars are lost every year because of inadequate data security measures—incidents that could’ve been easily evaded by implementing simple security protocols.

How Do Data Breaches Occur?

Data breaches can occur for multiple reasons—even accidentally—but targeted cyberattacks are typically carried out in the following ways:

  • Weak passwords. Malicious hackers can crack weak and insecure user passwords within seconds, which is why experts advise against using simple passwords, especially ones containing whole words or phrases.
  • Targeted malware attacks. Spam and phishing email techniques are the oldest tricks in the book that hackers use to deceive the user into revealing user credentials. Alternatively, they may also get the user to download malware attachments or direct them to vulnerable websites. Regardless of the method, this is an easy way for malware to end up on your computer.
  • Exploiting system vulnerabilities. Redundant or outdated software makes it easier for attackers to sneak malware into a computer and steal critical or sensitive information.
  • Drive-by downloads. You can accidentally download a virus or malware by visiting a compromised web page. A drive-by download uses an outdated browser, application, or operating system—or ones with a security flaw—to get on your computer.

50 Data Breach Statistics That Shook the World

Here are some of the biggest data breach statistics that stood out to us.

  1. The 2020 DBIR analyzed 32,002 security incidents, out of which 3,950 were confirmed breaches. This was double the previous year’s 2,013 breaches – Verizon
  2. The California Department of Motor Vehicles (DMV) cautioned drivers it suffered a data breach after its billing contractor, Automatic Funds Transfer Services, fell victim to an unspecified strain of ransomware – TechCrunch
  3. On November 5, 2020, the infamous hacker, ShinyHunters, leaked a database belonging to Mashable.com that contained 1,852,595 records of staff, users, and subscribers’ data – HackRead
  4. A customer support database containing 280+ million Microsoft customer records was left unprotected on the web – CompariTech
  5. According to Comparitech researchers, Social Data Trading Limited, a company that sells data on social media influencers to marketers, has exposed a database of nearly 235 million social media profiles on the web without a password or any other authentication required to access it – Comparitech
  6. More than 10.6 million people who were guests of the MGM Resorts have had their personal information posted on a hacking forum – ZDNet
  7. Spotify reset an undisclosed number of user passwords after finding a software vulnerability in its systems that ended up exposing private account information to its business partners. The company filed a data breach notification stating the breach “may have included email addresses, preferred display names, passwords, gender, and date of birth only to certain business partners of Spotify.” – TechCrunch
  8. About 500,000 Zoom teleconferencing account credentials were put up on sale on the dark web – Fighting Identity Crimes
  9. 98% of point-of-sale data breaches that took place in the accommodation and food services industry in 2020 were financially motivated – Verizon
  10. Adopting the remote work culture ended up increasing data breach costs in the United States by $137,000. What’s more, 76% of participants said remote work would increase the time to identify and contain a data breach – IBM
  11. Scams increased by 400% after the pandemic hit, making COVID-19 the largest-ever security threat – ReedSmith
  12. The Small Business Administration (SBA) suffered a data breach that exposed the personal information of nearly 8,000 business owners applying for federal disaster loans – U.S. PIRG
  13. Data Breach Costs

    As mentioned, financial losses are a direct consequence of data breaches. Security institutes collect the breached organization’s direct expenses (hotline support, forensic experts) and indirect expenses (in-house investigations and communication, diminished client acquisition rates) to calculate the average cost of a data breach.

    Below are a few statistics to show you how expensive a data breach can be.

  14. The global average cost of a data breach rose from $3.86 million to $4.24 million, making it the highest average total cost in the 17-year history of the IBM report – IBM
  15. A data breach in the healthcare sector was found to be the costliest at $7.13 million – IBM
  16. The average cost per lost or stolen record in a data breach is $150, but the faster an organization contains the attack, the less expensive it’ll be. A breach lifecycle under 200 days costs $1 million less than a lifecycle over 200 days – IBM
  17. IBM identified compromised credentials as the most common initial attack vector, responsible for 20% of breaches at an average breach cost of USD 4.37 million – IBM
  18. When fully deployed, automation and security artificial intelligence (AI) provided the biggest cost mitigation — up to USD 3.81 million — less than organizations without it – IBM
  19. Compared to organizations without zero trust, the average cost of a breach for organizations with a mature zero trust approach was USD 1.76 million – IBM
  20. In 2020, the United States had the highest average total cost of a data breach at $8.64 million – IBM
  21. A mega breach of 1 million to 10 million records has an average total cost of $50 million, which is 22% more than it was in 2018 – IBM
  22. A mega breach of 50 million records has an average total cost of $392 million, which is almost 12% higher than in 2018 – IBM
  23. Hospitals spend 64% more on advertising annually over the next two years after a breach – American Journal of Managed Care
  24. Organizations further along in their cloud modernization strategy contained the breach approximately 77 days faster than those in the early stage of their modernization journey, which also meant lower data breach costs – IBM
  25. Data Breach by Breach Size

    Here, we’ll review some of the biggest data breaches that ended up exposing millions of personal data records. Let’s take a quick look.

  26. In March 2020, the adult video streaming website CAM4 has had its Elasticsearch server breached, exposing 10.88 billion records – Wired
  27. The Yahoo data breach of October 2017 compromised approximately 3 billion user accounts – The New York Times
  28. In March 2018, a data leak on a system run by a state-owned utility company exposed the private information of more than a billion Indian Aadhaar holders, including their names, unique 12-digit identity numbers, and bank details – The Guardian
  29. In May 2019, the website for Fortune 500 real estate title insurance giant First American Financial Corp. leaked 885 million user documents related to mortgage deals dating back to 2003 – Krebs On Security
  30. verifications.io, an email address validation service, exposed 800+ million unique email addresses in a non-password protected 150GB-sized MongoDB instance in February 2019 – Softek
  31. In June 2021, data of over 700 million LinkedIn users, a staggering 92% of the total user base, was posted for sale in a Dark Web forum – Forbes
  32. In April 2019, the UpGuard Cyber Risk team uncovered that two third-party Facebook app datasets were exposed to the public internet, affecting 533 million users – UpGuard
  33. Yahoo believes that information associated with at least 500 million user accounts was stolen in what could have been a state-sponsored attack – Data Center Dynamics
  34. In November 2018, Marriott International announced hackers had stolen data of approximately 500 million Starwood hotel customers after gaining unauthorized access to the Starwood system back in 2014. Surprisingly, this wasn’t discovered until 2018 – The New York Times
  35. In October 2016, cybercriminals gained access to 20 years of data on six databases belonging to the AdultFriendFinder Network. LeakedSource even dubbed this as the biggest data breach of 2016 – Computer World
  36. Data Breach Historical Statistics

    The shift of governments and businesses from paper to digital led to the onset of data breaches. After 2005, the world saw some of the biggest data breaches recorded in history.

    Below, we present data breach statistics that led up to and launched the age of data breaches.

  37. The first computer virus was discovered in the early 1970s and was dubbed as “The Creeper” – History of Information
  38. AOL was the first victim of phishing attacks in 1996 – Phishing
  39. Social media data breaches accounted for 56% of data breaches in the first half of 2018 – IT Web
  40. As of 2019, cyberattacks are considered among the top five risks to global stability – World Economic Forum
  41. The Privacy Rights Clearinghouse started its chronology of data breaches in the year 2005, which is also when the first data breach (DSW Shoe Warehouse) exposed 1.4 million records – LifeLock
  42. The infamous 2017 Equifax data breach exposed names, Social Security numbers, dates of birth, addresses, and, in some cases, driver’s license numbers of 145.5 million American consumers – LifeLock
  43. The largest insider attack happened between 1976 to 2006. Chinese-born engineer Greg Chung stole $2 billion worth of aerospace documents and gave them to China – NBC
  44. As of 2015, an estimated 25% of global data needed security but wasn’t protected – Statista
  45. There have been 300 data breaches involving the theft of 100,000 or more records over the past decade – Forbes
  46. The United States alone saw 1,244 data breaches in 2018, with over 446.5 million records being exposed – Statista
  47. Data breaches exposed 4.1 billion records in the first half of 2019 – Forbes
  48. Data Breach Prevention Statistics

    Identifying and eliminating cybersecurity risks to your data is the best way to protect your organization. Read on to learn how companies are shifting their budgets and priorities to protect themselves from falling victim to cyberattacks.

  49. Worldwide spending on information security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021 – Gartner
  50. The Gartner 2021 CIO Agenda Survey found that cybersecurity was the top priority for new spending, with 61% of the more than 2,000 CIOs surveyed increasing investment in cyber/information security this year – Gartner
  51. Around 63% of companies have implemented a biometric system — or plan to soon – Veridium
  52. The global cybersecurity spending will likely exceed $1 trillion cumulatively from 2017 to 2021 – Cybersecurity Ventures
  53. According to Symantec’s 2019 Internet Security Threat Report (ISTR), the number of ransomware attacks fell by 20% in 2018 compared to the 2017 figure – Symantec
  54. Spending in the cybersecurity niche is spread over a number of areas, with 20% allocated to on-premises infrastructure and hardware, 19% to skilled staff, and 16% to on-premises tools and software – CSO

Avoid becoming a data breach statistic by implementing data security measures. Check out the Nira blog to learn data best practices to effectively identify and eliminate cyber threats.