You are here

Global Data Leakage Report 2014

Global Data Leakage
Report 2014

General Statistics

Number of registered data leaks, 2006-2014

In 2014, InfoWatch Analytical Center registered 1395 cases of data leaks. Over the observed period, the leak growth rate was equal to that of the previous year and amounted to 22% as compared to the leaks of 2013.

Distribution of leaks by influence vector

Due to insiders' actions, 350 million personal data records have been compromised. External attacks have compromised 410 million records

Distribution of leaks by guilty person

Distribution of leaks by intention

In 2014, less than half of the leaks were unintentional. Compared to 2013, the share of unintentional leaks has decreased.

Distribution of leaks by data type

The megaleaks with over 10 mn personal records each totaled 89% of all compromised records. Mass media provided extended coverage of the attack against the infrastructure of Target Corp. One more significant external attack was against another retailer, Home Depot, in 2014.

Conclusion:

The increasing amount of compromised personal data results from megaleaks; the increasing number of leaks has been mostly caused by external attack. The main values reflecting the global picture — leak growth rates, shares of personal data and commercial secrets, share of guilty insiders — remain almost constant year by year. The share of undetermined leaks is reducing gradually.

Reuters.com:
The world's largest seller of construction materials and repair tools, Home Depot announced that 53 mn e-mail addresses of the trade network clients were compromised. By estimate, Home Depot lost 56 mn dollars due to the incident. The hackers managed to access Home Depot's network with a password belonging to a third-party software developer. Through manipulations with access rights, the malefactors gained control over several segments of the company's network. The hackers embedded malware into the company’s network that stole the information — e mail addresses and bank card details. Home Depot experts note that the attack applied unique malware. The antiviruses used by Home Depot failed to detect the suspicious activity of the hacker programs.

Daily Mail:
The names, addresses, phone numbers and e-mail addresses belonging to over 83 mn company owners and householders were stolen through JPMorgan Chase. This is one of the biggest personal data leaks ever. 76 mn private accounts and 7 mn accounts of small businesses were under attack.

databreaches.net:
Office employee of Spanish bank Santander in Leicestershire County (Great Britain) was sentenced to a penalty of 880 pounds. 29-years-old Dalvinder Singh had worked at the anti money laundering department and had legitimate access to the clients' accounts. He decided to use his privileged rights to find out how much his colleagues earned. After the incident, the curious employee was fired. The bank's spokesmen told that shortly before, Singh had passed a training session about principles of handling sensitive information. But it did not help.

Distribution of incidents by nature of action

7.8% of the registered incidents have been classified as breaches related to unauthorized access to data (exceeding access rights, manipulations with information not required for employee's duties performance).

Leak channels

Industry map

In 2014, the share of leaks from state and municipal institutions within the observed period decreased by 16 p. p. to amount to 16%; meanwhile, the share for commercial companies increased by 13 p. p.

Distribution of leaks number and volume of compromised personal data by industry

Regional features

In the distribution of leaks by region in 2014, the USA traditionally held the first place in the number of leaks (906 or 65% of all cases). Once again Russia took its usual second place (167 leaks), like it did in 2013. Great Britain was number three (85 leaks)..

Full version - 883KБ