Since January 1 2017, there have been approximately 156,000 data records breached where the disclosure was unintentional or a malicious breach from an insider. These are breaches in all industries, to all kinds of individuals, and all sizes of companies. To put it in perspective, that’s roughly 867 records breached every day, or nearly two records every three minutes. We’ve rounded up the top data breaches for the first half of 2017. Prepare to be unsettled.
Registered voters in America
198,000,000 Americans registered to vote had their personal information exposed in late June this year. The firm responsible, a Republican data analysis company, Deep Roots Analytics, has taken full responsibility for the situation. Included in the breach was basic information such as voter’s first and last names, birth dates, home and mailing addresses, phone numbers, registered party, self-reported racial demographic and voter registration status. Alarmingly, a voter’s likely stance on abortion, gun control, stem cell research and environmental issues was also part of the breach. Fortunately, it appears that only a single Cyber Risk Analyst from another company was able to access the 1.1 terabytes of entirely unsecured data and was able to alert authorities in time.
Educational records at the University of Oklahoma
Also in June, the University of Oklahoma has been found to have violated federal law with their lax privacy settings across their campus file-sharing network. 29,000 educational records were accessed by email users on the system. These records included social security numbers, financial aid information and grades in records dating to at least 2002. The files have now been safeguarded but each breach could constitute a violation of the Family Educational Rights and Privacy Act.
Email addresses of US corporates
Just under 33.7 million unique email addresses were leaked in March this year. The company responsible, Dunn & Bradstreet, is a business services company so, at 30 million, the records represented a large chunk of the United States corporate population. This is the data that can be bought and sold – it’s unknown what the market rate would be, but it is reported that it can cost up to $200,000 to access just half a million records. The largest organizations affected include the Department of Defense, other armed forces, AT&T, Boeing, and the United States Postal Service. Interestingly, it remains unknown how the breach occurred, other than it was internal, although Dunn & Bradstreet stated it was not released through one of their systems.
Thankfully, many of these data breaches were eventually picked up by security companies monitoring for data exposure before the data could get into the wrong hands. While these are three of the most significant data breaches to happen this year, there are tens of thousands more where companies have had their data exposed through internal sources, either with malicious intent or by total accident. Companies that lose data through their own negligence, or lack of correct privacy procedures, can face legal action and be forced to pay damages to the individual’s affected. A data loss protection strategy is essential for a company of any size. It protects the individuals whose data is owned by the company, and it helps protect the company from the ramifications of any internal losses.