SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Q1 2020 sees more data breaches than ever before
Tue, 19th May 2020
FYI, this story is more than a year old

Breaches and leaks of sensitive data on a large scale are becoming more common as the cyberthreats ramp up in 2020, with the number of breached records globally surging by 273% in Q1 2020 compared to the prior-year period.

That's according to research from Atlas VPN, which also found that a total of 8.4 billion individual documents have been leaked in the first three months of this year alone – many of which were concentrated in 11 specific breaches, in which each breach exposed more than 100 million records.

This huge number of breaches represents a record high for a first-quarter – the only other year which came close was Q1 2017, in which 3.4 billion records were exposed.

For some perspective, the total number of records exposed in the first quarters of the years from 2013 to 2019 totalled to 8.05 billion – meaning that total is still not as high as Q1 2020.

According to the research, the majority of the exposed data originated from a single unprotected ElasticSearch server, from which over 5 billion records were exposed, including emails and passwords from services such as Adobe, Twitter, LinkedIn and Tumblr, among others.

There were 1,196 individual data leaks in Q1 2020, according to publicly available data, of which almost 40% happened in the United States.

However the data may be skewed as the disclosure requirements in the US are strong compared to other countries, meaning thousands of leaks may be happening across the world without being reported.

And even if the leaks are reported, as many as 42.06% do not have an identifiable source – meaning an unsecured cloud or similar servers containing users' information was discovered, but nobody knows where it came from.

According to the research, 70% of all breaches result from phishing scams. Instances of phishing have skyrocketed in the era of COVID-19, as attackers take advantage of remote workers not having the protection they usually enjoy while on-premise.

Atlas VPN says that the IT sector was the hardest hit in terms of breaches in Q1 2020 – breaches more than doubled when comparing the quarter to the same time in 2019.

Following IT, the manufacturing and healthcare sectors were next on the list of breach increases between years. The healthcare industry is especially vulnerable because of its widespread use of outdated technology, as well as the fact that the industry is underfunded in many countries.

Reports show that over 56% of devices operating in the health sector are still running on Windows 7, while 27% of medical devices are still operating on Windows XP or decommissioned versions of Linux OS.