UK Tops European Data Breach Table

The UK suffered the most data breaches in Europe during the first half of 2015, coming second globally only to the United States, according to new data from Gemalto.

The digital security and SIM card vendor claimed in its latest Breach Level Index (BLI) report that there were 63 data breaches in the UK in the first six months of the year – a huge jump from second-placed Germany (8) and third-placed Netherlands (6).

However, just 8.3 million records were exposed in those breaches, which is only 3.4% of the global total of 246 million. This pales in comparison with the US, which accounted for nearly half (49%) of all compromised records, and Turkey (26%).

The 888 data breaches suffered globally in the first half of 2015 is a 10% increase on the same period a year ago, although the number of records stolen declined 41% thanks to fewer mega breaches, the report claimed.

However, the likes of Anthem (79m), the US Office of Personnel Management (21m), and Turkey’s General Directorate of Population and Citizenship Affairs (50m) kept the numbers pretty high.

Although identity theft-related breaches accounted for the vast majority of records compromised (75%), state-sponsored attackers showed they are becoming increasingly effective.

Despite accounting for just 2% of breach incidents during the period, nation state operatives stole 41% of all records compromised, according to Gemalto.

By industry, healthcare (34%) and government (31%) accounted for the vast majority of compromised records during the first half of the year, with retail seeing a massive drop – from 38% during the first six months of 2014 to just 4% during this period.

Gemalto security expert, Paul Hampton, warned that the findings disclosed in the report are likely to represent just the tip of the iceberg when it comes to global breaches – as they record only those announced publicly.

“It seems safe to assume that for every breach that is made public there are others that aren’t announced,” he told Infosecurity.

“These numbers are likely to change once the European disclosure rules come into effect, as organizations will have to collect, store, access and secure data in new ways. Most importantly, they will have to notify both authorities and affected individuals when a data breach occurs.”

What’s more, many organizations are incapable of detecting the increasingly sophisticated targeted breaches aimed at their networks, he added.

“Given that attackers perpetrating identity theft breaches are usually only intent on obtaining a copy of confidential data rather than on causing malicious damage to systems, it is quite possible that many organizations haven’t even noticed that a breach has occurred,” Hampton argued.

What’s Hot on Infosecurity Magazine?