Posted on February 6, 2019 at 5:34 PM
According to the recent Data Breach Report published by the Identity Theft Resource Center, hackers managed to steal nearly half a billion sensitive personal records. The previous year was filled with numerous reports of hacks and malware attacks, and the report claims that this is a 126% more than what was reported to be stolen in 2017 (198 million records).
This is also a new record for the number of stolen files per year, officially making 2018 the worst year in regards to hacking attacks so far.
The increase, of course, includes incidents from around the world, although it is interesting to note that the number of data breaches in the United States actually dropped by 23% when compared to 2017. Even so, this is not a positive thing, as the number of stolen records is still high, despite the lower number of breaches.
The discovery indicates that more and more data is stored within databases, which makes it easier for hackers to steal large quantities at once. All they need to do is find a single entry point and get all of the records at once, according to ITRC’s CEO, Eva Casey-Valasquez.
One example of this is one of the largest social media platforms, Facebook. As many are already aware of, Facebook users can use their account to log into a number of other platforms. This makes numerous accounts vulnerable if hackers manage to break through Facebook’s own defenses. This had already happened in 2018 when hackers managed to access 50 million accounts by obtaining “tokens” that keep users logged in. In addition, the attackers are getting more skilled, and are developing new methods.
While businesses and websites are improving as well, the hackers are seemingly advancing with greater speed, which allows them to remain one or more steps ahead of security researchers. Another detail that can be noticed regarding the attacks in 2018 is that hackers are focusing more on the users, and less on the methods of tricking the systems, as it is easier to trick the person via phishing attacks.
Meanwhile, even though the number of sensitive information that was stolen is extremely high, it is nowhere near the number of stolen non-sensitive data, such as usernames, passwords, or email addresses. This number, according to the ITRC report, is at around 1.6 billion.
While this type of data may not seem as harmful as the theft of sensitive information, it should not be dismissed easily. Hackers are known for being patient and collecting databases that can be used for obtaining information about users, piece by piece if necessary. The more pieces they get, the more accurately they can represent the person whose data was stolen.
The login information for most websites only requires email and password, after all, and obtaining only one of the two is half the job. Additional protective measures, such as two-factor authentication are always helpful, although even this can be bypassed in some cases.
As for the sensitive information, the consequences can be much greater than a simple theft of an online account. Even if someone were to steal users’ credit card, the situation can be handled relatively quickly, provided that the user notices it in time. However, the theft of documents such as medical files can endanger people’s lives.
The dangers of stolen information
Considering this, it is especially concerning that the healthcare sector is the second in the number of breaches, with around 363 of them reported in 2018. All of these breaches combined exposed around 10 million records, according to estimates, which is, once again, twice the amount that was reported in 2017.
Medical records can be misused in a number of different ways, such as conducting the insurance fraud. Hackers can “give” their victim a disease that costs a lot to treat, and then steal the insurance payments without the victim ever being aware of what happened. This is a major problem, as the information about the disease will go to the victim’s real medical file as well. As a result, the doctors will have false information about their patient, which can negatively impact the treatment that the patient does need.
Estimates regarding these breaches are also more difficult to make, as companies are underestimating the importance of the breaches. As a result, they often do not give it enough attention, and those who are actually affected personally do not know how to respond. For example, the procedure that victims need to go through when the credit card information gets stolen is not the same as the one when Social Security numbers are compromised, and the victims cannot react in time.
This is why ITCR urges every industry that gets their systems compromised to share information, be transparent, and not left out any details, as they may mean a lot on an individual level.
What can internet users fo about it?
The situation is becoming worse with every new breach, and researchers often say that the question is not whether or not someone was hacked, but how many times? The number of breaches is massive, and the number of stolen records of all kinds exceeds trillions. Because of this, it is better for everyone to assume that their data is already stolen.
However, there are a few ways to reduce the damage, even if by a small amount. Users should always set up strong and unique passwords for each of their accounts, which will at least protect their other accounts if one gets hacked. In addition, it is better to use password managers than to try and remember passwords.
Financial accounts are among the most important, which is why users are advised to set up security alerts for each transaction that gets performed. Finally, all of the accounts that a person has should be regularly checked for suspicious activities such as unknown logins.