Q1 data breaches down, but exposed records reach new high

Accidents happen

Reports of accidental data exposures and leaks have become more common in recent years as threat researchers have discovered many misconfigured databases and cloud instances. Inga Goddijn, executive vice president of Risk Based Security and co-author of the report, said it's unclear if the number of leaks has increased or if researchers are paying more attention to them.

"Shodan and other tools to search for internet-connected devices have made it a more accessible pastime for researchers and folks interested in looking at these types of misconfigurations," Goddijn said. "I think there certainly is an element of researchers becoming more skilled at finding these data sets, but as researchers become more skilled, so do malicious actors."

In addition, the threat intelligence firm found that approximately 70 percent of reported breaches were due to unauthorized access to systems or services, while approximately 90 percent of records exposed were attributable to exposing or publishing data online.

While malicious attacks account for more of the breach activity by sheer count, the accidental exposure or failure to protect a database is driving up the number of records being exposed, said Goddijn.

"Malicious attacks have that whole component to them where to an extent, you can say the attackers are after that information for malicious purposes. Whereas with the accidental exposure, the data is out there, it's set loose, but you don't know for certain if anyone has used it for nefarious purposes," Goddijn said.

However, both types of attacks are problematic.

"With the accidental leaks, it makes it easier for folks who want to get in the malicious space to start out with 'Hey, let's go look for open data sets.' Once that data is exposed and especially if people are rifling through it, you have even I think less visibility into what the ultimate consequences might be for that information being out there," Goddijn said.

The number of publicly disclosed breaches overall in the first quarter of 2020 dramatically decreased compared to 2019. "There were 1,196 breaches reported in the first three months of 2020, the lowest number of breaches disclosed during the first quarter since 2016," Risk Based Security wrote in the report.

In addition to COVID-19, Risk Based Security attributed the decline to the unusually high number of breaches reported in the first quarter of 2019. A total of 3,813 breaches were reported in the first six months of 2019, exposing over 4.1 billion records, according to the Risk Based Security's 2019 Mid-year quick view data breach report.

And while the number of overall reported breaches declined in Q1, the healthcare industry led all verticals with 106 breaches during that period; COVID-19 was also one of the reasons healthcare topped all industries, said Goddijn.

"Healthcare is usually right up toward to the top but it fluctuates quarter to quarter. With the pandemic and so much attention being focused on healthcare and the whole industry, it presented a unique opportunity for attackers, especially those who make use of ransomware," Goddijn said. "It's not like the threat actors were discovering a whole new source of information, but I think they took the tools and technology they had at hand and took advantage of the situation."