The number of publicly reported data breaches fell in the third quarter of 2020, but billions more records were exposed globally to bring the total this year to 36 billion, according to Risk Based Security.
The security vendor’s 2020 Q3 Data Breach QuickView Report was compiled from human and automated analysis of publicly available reports, FOI requests and news reports.
It claimed 2020 was already the worst year ever recorded, even before the extra 8.3 billion records that were exposed in Q3. However, these figures include not only stolen data but also cloud-based misconfigurations that may imperil information but not result in a malicious actor getting hold of it.
The number of data breach reports in the first three quarters of the year dropped 51% year-on-year to 2953.
The vendor’s executive vice-president, Inga Goddijn, argued that this could be explained by the rise in ransomware attacks. Although these accounted for 21% of reported breaches in the first three quarters, it may be that many more are not being recorded.
“While many of these attacks are now clearly breach events, the nature of the data compromised can give some victim organizations a reprieve from reporting the incident to regulators and the public,” she argued.
“After all, while the compromised data may be sensitive to the target organization, unless it contains a sufficient amount of personal data to trigger a notification obligation, the event can go unreported.”
Elsewhere in the report, healthcare was the sector most affected by breach incidents, accounting for 11.5% of events.
Interestingly, two breaches in Q3 exposed over one billion records each and four breaches exposed over 100 million records. So these six breaches cumulatively accounted for around eight billion exposed records, or over 22% of the total.
The findings chime somewhat with those of the Identity Theft Resource Center, which records publicly reported breaches in the US. It said recently that the volume of those incidents is on track for its lowest figure since 2015.