A new report from Risk Based Security (RBS) says that while the number of security incidents during the first quarter of 2014 is comparable to those in 2013, the number of records compromised per incident is on the rise.
In their Data Breach QuickView Report, RBS notes that there were more than 176 million records exposed in Q1 2014 (based on 669 reported incidents), representing a 46 percent increase when compared to the same period one year earlier.
In addition, it seems that history keeps repeating itself. According to the report, many of the organizations that suffered a security incident during Q1 2014 had previously disclosed a similar issue in the past. Moreover, three of those firms had multiple incidents in 2014 alone.
"It’s difficult to say whether security is deteriorating, bad actors are getting better or some combination of both," commented Inga Goddijn, Managing Director of Insurance Services for RBS, in a statement.
"What we do know is that there have been eight events in the past six months that have involved the compromise of at least 10 million records per event and the trend is continuing with the most recent revelations at eBay."
When it comes to the type of data that criminals target, the continuing trend focuses on user names, e-mail addresses, and passwords.
While not as valuable as Social Security or credit card numbers, such information could enable access to more sensitive records. RBS says that the continued focus on these seemingly non-critical records could be indicative of more complex attacks, or attacks with better planning, in the future.
When it came to the reported incidents themselves, the business sector accounted for the majority of them (57.5 percent); followed by the government, educational, and medical sectors.
Thirteen percent of the reported incidents were not attributable to a given sector, which is twice the number reported in 2013. However, while the percentage doubled, the number of records compromised remained low for this category.
Another interesting note from the report is the fact that 59 percent of the total records exposed were the result of insider activities. A single incident was used to hammer home that point, namely the breach at the Korean Credit Bureau (KCB), which resulted in 104 million records being exposed.
The compromised data in the KCB case included names, Social Security numbers, and credit card numbers. As the investigation into the incident concluded, it was learned that an insider – an IT contractor – was behind the crime. The contractor has since been arrested for his crimes.