A Gemalto report showed that more than 1 billion data records were stolen from 1,500 separate hacking incidents in 2014. This is a 49 percent increase from the 2013 figure and a 78 percent increase in the number of records compromised.
According to Gemalto, a data security firm, 54 percent of the breaches involved personal data like Social Security numbers and credit card information, up from 23 percent in 2013. Notably, less than 4 percent of the personal identity hacks were of at least partially encrypted data, which Gemalto analysts took as a sign that encrypting data is important, but not enough companies are doing it effectively. A recent attack on Anthem Inc. highlighted the lack of encryption among major companies, where 80 million Social Security numbers were accessible because they weren’t encrypted to protect consumer identity.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” Jason Hart, vice president of cloud services, identity and data protection at Gemalto told The Wall Street Journal.
Most of the cyber-attacks have occurred in the United States, at 76 percent, highlighting the challenges of identity protection that measures like the EMV switchover are meant to address. The United Kingdom was next on the list for most data breaches at 117, followed by France and Germany with nine and eight breaches, respectively.
Data breaches have also largely affected retail industries, registering over 55 percent of data breaches, up from 29 percent in 2013. The main targets are POS systems that store consumer payment details, some without effective encryption or tokenization to protect them. Recently, data security companies and retailers have gone to Washington to push for clearer regulations on sharing security details to curb the effects of data breaches, and the White House has announced plans to create an office devoted to analyzing cyber-crime intelligence data. Government and public sector organizations were targeted 17 percent of the time, involving roughly 50 million data records.