From email addresses and passwords to bank, job and identity details, it’s incredibly important that our private data stays secure. But with increasingly intelligent cyber-attacks continuing to breach the data security of businesses and individuals across the world, the best ways to stave off hackers are always changing.
Our report highlights which countries suffer from the largest data breaches, the most common type of stolen data and the companies that have been hit the hardest by a data breach.
When we talk about data we refer to any piece of information that can leave you or your business at risk. Looking at this on a global level shows how frequently data breaches can affect countries and economies. To make these equally comparable, we ranked the data breaches based on 100,000 of the population of each country.
The US ranks as the worst-affected country with 6,219,819,956 recorded cases since 2013, or 1,879,085 cases per 100,000 people. Host to a high population and an industrial hub of technology-based companies, the States is a hotspot for cybercrime. Despite a number of proposals to improve it during the Obama administration, cybersecurity in the states is not as strong as it could be, leaving them open to more data breaches.
Although laws are put in place to safeguard users and protect data, they are still rife as governments and corporations attempt to protect their online infrastructure. Canada comes in third with 91,830,959 cases since 2013, or 243,311 per 100,000 people relatively. This is closely followed by the UK with 206,433 cases per 100,000.
Interestingly, China and India have not made it into the top 20 despite having their own technology industry hotspots. In China data security laws are deemed to be of the highest priority but with concerns about censorship, it is interesting to understand where data breaches sit. Whereas in India cybersecurity laws are so lax that 394,307,531 cases of data breach have been recorded since 2013, but due to such a high population it ranks 22nd with 28,573 per 100,000 people.
Data that can be stolen needs to be able to extort a victim or be sold, so it is not surprising that email addresses and passwords are the most compromised data with 871 cases collectively. But what other data can be stolen and be used against individuals and businesses?
From physical addresses and security questions to sexual orientation and chat logs, if it is on the internet then there is a chance it could be stolen, which means that as a user you need to sharpen up on the most common types of internet fraud. From email fraud that looks genuine to social media scams and private messages, think twice before you click on a suspicious message or set a new password.
As individuals we are most likely to have our email addresses stolen but when it comes to companies, who have been affected by the worst data breaches?
In 2013 Yahoo saw 3 billion usernames, phone numbers, passwords and birthdates stolen through encrypted security that was easily cracked. Through this mass of vital information, it was assumed that government systems could be hacked and infiltrated all over the world. Because of the data breach, Yahoo underwent many shareholder lawsuits due to their financial liabilities, with the stolen data also leaving users bank accounts liable where one password has multiple uses.
The data from the Yahoo breach is rumoured to have been sold on the dark web but it is not known what was done with it.
More recently, Chinese microblogging site Weibo saw a data breach of 538,000,000 with phone numbers, gender, location and usernames stolen. As the hacker was unable to gain access to passwords, the data was available to buy on the dark web for ¥1,799 ($250). Although, this does not mean that using the data could not be harmful — pairing it with other breaches could lead to mass infiltration.
As hacking techniques get smarter, are governments and companies able to get ahead of data breaches? With more global and local countermeasures being put in place to protect our data and user education slowly getting better, hopefully we’ll be able to tackle the hackers much more effectively in the future.
There are things you can do at home to avoid breaches of your own personal details too. We’ve shared our ten top tips on how to make sure you’re as safe as possible online.
Make sure your home broadband is as safe and secure as possible
Get some good-quality antivirus software for your internet-connected devices
Use obscure passwords with various symbols, to help keep your private information safe
Keep your software regularly updated, your network is more vulnerable when update patches haven’t been installed
Use multi-factor authentication where possible
Always check companies security guidelines when asked for information, your bank would never ask you to confirm your details over email for example
If using shared devices, protect confidential files and information saved from other users
Backup your most important files to a cloud and also manually
Be mindful of what devices you connect to your home network, and check their security settings (speakers, smart devices etc.)
Keep only what you need. If sensitive information no longer has a use, then remove it from your devices to prevent it being stolen.
Protecting your data with these steps is sure to help combat against potential breaches, and protect against scams and fraud.
Using the site “have I been pwned”, that collects and counts known data breaches since 2007, we were able to collect data on:
Total breaches - This is an exhaustive list of the breaches recorded
Companies - Looking at the the sources of these breaches as well as the data compromised e.g. emails, addresses
The above data was then categorised to provide top 10s in the form of brands, sources, periods of time, types of data and total compromised data.
Total data records stolen: https://www.varonis.com/blog/the-world-in-data-breaches/
Worst data breaches ever? https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
The most compromised types of data: https://haveibeenpwned.com/PwnedWebsites