The technological advancement surrounding the internet ecosystem — both software and hardware — have undoubtedly turned up its popularity as new users get introduced to a world without boundaries (almost) and existing ones are kept fascinated by the upcoming innovations.
But the increased sophistication of tech — especially in the world where competition is leading organisations to release incomplete and unpatched software updates, putting consumer data at risk many a time — has also led to an increase in the number of attacks.
The attacks, prominently led by independent hacker groups or state-sponsored attackers, mostly exploit the bugs in these updates to gain illegal access to devices.
Before we go any further, please note that these data breaches do not include the Yahoo hack which led to more than 1.5 billion accounts to be compromised as they were only reported in 2016 but happened in 2013 and 2014.
What Caused These Data Breaches?
There are a number of reasons ranging from IT errors to theft of device and DDoS. The top nine causes of data breaches in 2016 are listed below.
Theft of data (36.2%)
Improper use of data (19.3%)
Unclassified or other causes (19.2%)
Phishing, Spoofing or Social Engineering (15.8%)
Accidental data loss (3.2%)
Loss or theft of device (3.1%)
IT errors leading to data loss (1.6%)
Network disruption or DDoS (1.6%)
Extortion, Blackmail or Disruption (0.2%)
Countries With the Highest Number of Identity Thefts
The same report also listed the following countries by the most number of identity thefts in the year 2016.
United States of America: 791,820,040 identities stolen
France: 85,312,000 identities stolen
Russia: 83,500,000 identities stolen
Canada: 72,016,746 identities stolen
Taiwan: 30,000,051 identities stolen
China: 11,344,346 identities stolen
South Korea: 10,394,341 identities stolen
Japan: 8,301,658 identities stolen
Netherlands: 6,595,756 identities stolen
Sweden: 6,084,276 identities stolen
What Caused These Identity Thefts?
The report lists out top nine causes which led to the theft of identities in the reported cases.
Theft of data (91.6%)
Phishing, Spoofing or Social Engineering (6.4%)
Accidental data loss (1%)
IT errors leading to data loss (0.9%)
Network disruption or DDoS (<0.1%)
Improper use of data (<0.1%)
Loss or theft of device (<0.1%)
Unclassified or other cause (<0.1%)
Extortion, Blackmail or Disruption (<0.1%)
What Form of Data is Commonly Hacked?
A total of 1,120,172,821 identities were stolen in the 1209 breaches in 2016, which is more than double the number of identity thefts reported in 2015 at 563,807,647.
The major form of data lost in breaches in 2016 has been identified in three categories.
Personally Identifiable Information (42.9%)
Personal Financial Information (32.9%)
Personal Health Information (11%)
Other Information (1.6%)
Although United States has the highest number of data breaches and identity thefts, this can not just be attributed to the high adoption of technology and a large number of companies based there, but also that reporting data breach is mandatory by law.
In many countries, data breaches go unreported since there are no legal guidelines in place for the same and companies based in these countries usually prefer saving face than report a vulnerability.
“There are strict legal requirements in the US around reporting data breaches. Data breaches are often underreported in territories where there are no legal requirements in place,” the report reads.
It’s imperative for companies to create a more secure environment for internet users to interact with their software, especially since sensitive personal data is being shared online too, which in the wrong hands could have disastrous consequences.