The number of publicly-reported data breaches in Canada in the first six months of the year hit 59 — two more than the same period a year ago — according to a compilation released this week by a security vendor.
The numbers were complied by Risk Based Security (RBS), a Virginia provider of threat intelligence.
It’s not the best way of measuring attacker activity because not all organizations here don’t yet have to report breaches. That will come next year when Ottawa proclaims the new mandatory data breach reporting requirements for firms that come under federal jurisdiction. But it does explain why the number of successful attacks looks small compared to the U.S. — which acknowledged 1,367 breaches — where public reporting is more common.
By comparison there were 22 publicly-reported breaches in China and 19 in Russia. The United Kingdom was second on the list with 104 breaches. Canada was third.
However, measured by the number of records exposed China was number one, with over 3.8 billion. The U.S. was second with just over 3.7 billion, India third with over 179 million records exposed. Canada was eighth with over 2.1 million records exposed. That compared to over 72 million in the first half of last year, which included the reported 45 million records exposed in the breach at VerticalScope, which runs a wide range of consumer automotive and technology forums.
Overall there were 2,227 international breaches reported in the first half of 2017, exposing over 6 billion records in the first half of this year. One Chinese company accounted for 2 billion exposed records alone.
Among report’s findings:
• Web (inadvertent online disclosure) continues to be the leading cause of records compromised in 2017, accounting
for 68.3 per cent of records exposed globally, but only 7.1% of incidents reported so far this year;
• 41.6 per cent of reported breaches were the result of hacking, yet accounted for 30.6% of the exposed records;
•Four 2017 breaches are now on the top 10 list of all time largest breaches.
“It is stunning to see the steady increase in the number of breaches impacting one million or more records,” RBS’ executive vice-president Inga Goddijn said in a statement. “In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents. Even more striking, in Q1 we had a new single largest breach disclosed, only to replaced by yet another all-time largest breach [from China] in Q2.”
“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain,” she added. “As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity.”
Read the full report here. Registration required.