Data breach incidents saw hackers steel up to half a billion personal records last year

The 2018 End-of-Year Data Breach Report has found that hackers got hold of around 447 million data subject records last year – an increase of 126% on 2017’s figure of approximately 198 items of personal data being stolen.

The report, conducted by the Identity Theft Resource Center, described data breaches as a “normal, everyday occurrence.”

The numbers of data breaches in the States may have fallen by 23% from 2018, but it appears more records are being stolen, said Eva Casey-Velazquez, CEO and president of the ITRC.

“This is telling us that we are creating a system and processes that make it easier for the thieves to compromise,” Velasquez told NBC News. “We’re collecting and storing more and more data in single places, so that the criminals only have to commit one hack or one breach of that institution to get all of those records,” she said on the NBC news website.

One example given as an online vulnerability, was the willingness of users to log into third party platforms through their Facebook profile. The practice was a window of opportunity for hackers in the Facebook breach last year, when criminal activity saw “tokens” for 50 million accounts stolen. As the tokens keep users logged into their accounts, just one breach could enable hackers to get into millions of other accounts.

Speaking to NBC, CyberScout chairman, Adam Levin said:

“The crooks are continuing to get better. Businesses are also getting better but, unfortunately, we’re in an arms race and the bad guys keep advancing faster than the good guys.”

Meanwhile, security expert Lorrie Faith told NCB:

“We’ve always been sloppy when it comes to data security and the hackers are finding creative new ways to exploit that. We are definitely seeing attacks that focus on the human element, both at the individual level — new forms of phishing attacks — but also at the enterprise level — humans making mistakes that allow for a large-scale breach.”

Around 1.6 billion non-sensitive records – such as emails, passwords and log-in credentials were also compromised through 2018.

This nature of data breach might not sound as alarming, but such details all help to paint a fuller picture of a potential victim’s identity.

“A consumer’s identity is similar to that of a puzzle, and the more accurate pieces a thief has about someone, the more they can successfully represent that person,” the ITRC report advised.

Hackers will often use powerful software to “guess” passwords that are associated with stolen email addresses. If a valuable account is seized, criminals can lock the real users out before stealing sensitive data or even money.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.