You are here

Global Data Leakage Report 2015

Global Data Leakage
Report 2015

The Global Data Leakage Report 2015 by InfoWatch Analytical Labs. In 2015, InfoWatch Analytical Center registered 1505 data leaks revealed (in the media and other sources) worldwide, which is 7.8% more than in 2014. Russia came in second in terms of the number of leaks on record. If compared to 2014, the number of leaks in Russia dropped by 28,1%.

Summary

Leak number year by year

In 2015, InfoWatch Analytical Center registered 1505 confidential data leaks or 7,8% more than in 2014.

Share of malicious personal data leaks

Re-sorting these industries by attack
vectors will show their attractiveness
for external intruders and insiders.

Leaks by attack vector

Among the data leaks logged, 984 (65.4%) were caused by internal offenders, whether intentionally or negligently, while 484 (32.2%) of the cases were triggered by intruders from the outside.

Originators of leaks

In 2015, 51.2% of the leaks were caused by current (48.9%) and former (2.3%) employees. In more than 1% of the cases, company executives (top managers, heads of departments and divisions) were at fault, while 7.6% of the leaks (3.5 p.p. higher year-on-year) were caused by contractor's personnel who was authorized to access restricted information.
6,5% of leak originators could not be detected.

Leaks by data type

The year of 2015 saw 21 mega leaks, each resulted in the loss of over 10 million records. In 2015, mega leaks chalked up 814.5 million records compromised or an 84.3% share in the total volume of compromised data.
 

Incidents by pattern

7,7% of the incidents were classified as violations associated with unauthorized access to information (access rights abuse, manipulation of data other than on need-to-know basis).

Growth in external intruder segment

A little less than 2/3 of the total volume of personal data compromised in 2015, "flowed" as a result of an external attack. The most notable incidents in 2015 were related to the unlawful activities of hackers, penetration into the company's infrastructure, extracting aggregate information about employees and customers.

Vedomosti:
The cyber attack against the U.S. Office of Personnel Management (OPM) compromised personal data of its 18-22 million employees, both former and current. In the aftermath of the incident, criminals seized fingerprints of 5.6 million employees of U.S. government agencies.

RBC:
Leakage of Twitter's quarterly financial statements led to its stock fall. Before all other media, Twitter financial results were posted by Selerity, a financial intelligence service, in its twitter account. The microblogging service's revenue turned out to be less than expected: $436 million vs. $456 million. Soon after, Twitter shares started to plunge and went down in value by 18% by the end of trading, thus recording its most significant drop since October 2014 - stock price hit $42.27, while the company's market capitalization was $27.6 billion.

LEAKS BY CHANNEL

In 2015, there were fewer data leaks through 'Equipment loss' (-8.3 p.p.), 'Email' (-1.2 p.p.), and "Paper documents" (-3.7 p.p.), while leaks through removable media, mobile devices, text and video messages remained the same as in 2014. However, the share of 'Network' channel went up by 10.5 p.p.

Attackers are using obviously controlled communication channels (email, instant messaging services) less and less.

In this sense, the network is the only channel of malicious insider, which is still manageable and is possible to control.

RIA Novosti:
A Kenyan Airways official disclosed information about Barack Obama's visit by emailing out to the colleagues the dates and times of Kenia's airports closing for U.S. President's arrival and departure. As a result of the leak, the exact time of Air Force One arriving at Nairobi (Kenia) became known to the public, which is a breach of the White House security standards.

ZDnet:
Personal data of 191 million US voters, including their names, addresses, IDs, dates of birth, and voting history since 2000, have been leaked to the Internet because of database misconfiguration. As a result, personal data of all US citizens who voted at least once in the last 15 years became available online. By the estimate of an unnamed marketing firm, the value of the leaked information amounts to $270,000.

Reuters:
An attack on Ashley Madison cheating website will most likely prevent its founders from making an initial public offering. Avid Dating Life Inc (ADL), which owns the website, was planning to raise up to $200 million through an IPO on the London Stock Exchange. Hackers stole the records of 37 million website clients.

LEAKS BY INDUSTRY

Distribution of leaks by organization type did not change much, as compared to 2014.

Personal data leaks by industry

Data leaks were detected most often in healthcare (20.2%) and most rarely in municipal entities (<2%). In terms of volumes, high-tech companies (large web services, online marketplaces, etc.) account for a major share (29.2%) of all compromised personal data, with educational institutions having 20.2%

The most vulnerable sectors are: high-tech segment, trade, transport

The largest volume of compromised data (excluding the "mega-leaks") took place in the high-tech companies and organizations in the field of education. Trade, transport, high-tech companies data are often attacked from the outside. Breaches of personal data of banks, insurance, medicine are connected, as a rule, with the actions of internal intruders. Medium business is subject to leakage of personal data to a greater extent than large companies.

T-mobile:
According to T-Mobile CEO, John Legere, hackers hijacked the records of 15 million people, including their names, addresses, dates of birth, and social security numbers. The data was stolen from T-Mobile's partner, Experian credit bureau, which checks credit history and financial status of US citizens who enter into agreements with T-Mobile.

Un-sentinel.com:
Boca Raton (Florida, USA) police arrested Elexes Thaddies, 24, on suspicion of using personal data of her colleagues from Bethesda Hospital in Boynton Beach to purchase items at Nordstrom store. Officers suspect Thaddies used fraudulent accounts to charge about $20,000.

LEAKS BY COUNTRY

In terms of geography, in 2015 the US traditionally ranked first with 859 leakage incidents or 57% of the total volume. Russia repeatedly came second with 118 leaks, followed closely by the UK that had six less incidents.

Information on data leakage appear more often not only in the domestic media, but also in the media in countries such as Indonesia, Vietnam, India

Modern global picture of data leaks with minor changes is typical for all countries that use electronic information. Differences between regions and countries are rooted in the mental plane, in matters of perception of data leaks, in assessing the consequences of possible damage, the danger of leakage.

RIA Novosti:
A former Yandex employee received a conditional sentence for the theft of Yandex Search source code and algorithms. According to the investigation, the offender accessed the Yandex server and copied Arcadia program containing Yandex Search code and source algorithms. Yandex claims that the stolen data costs several billions of Rubles. The loss of the source code could result in 'years of judicial proceedings, serious reputational damage, and capitalization fall', since Search is 'the main service of the company',
- according to "Ъ".

Infowatch.ru:
Deputy Minister and an official of the Indian Ministry of Finance have been arrested on suspicion of stealing confidential information. The investigators believe that those officials disclosed confidential information about investment plans of foreign corporations in India to third parties. The intermediary in this offence was a consultant of a company in Mumbai. The documents were transferred by e-mail or courier. As part of searches conducted by the Indian Central Bureau of Investigation in Mumbai and Delhi, investigators found 60M Sri Lankan rupees in cash (approximately $500,000) in the consultant's office, as well as copies of confidential documents.

CONCLUSION AND FINDINGS

In 2015, InfoWatch analysts secrete a large number of "mega-leak" of more than 10 million personal data records leaked.

55 leaks registered, in which the volume of compromised personal data has exceeded 1 million records. 21 of these were "mega-leaks".

 

The most significant contribution to the increase in the volume of compromised data belongs to external attacks.

By now the share of external attacks reached up to two thirds of the total volume of compromised personal data, a little less than 1 billion records.

 

Insider’s "qualification" grows.

"Advanced" intruder does not risk needlessly. He chooses closed, uncontrolled channels where data protection for some reason does not work or is inefficient.

 

The most "attractive" for attackers vulnerable sectors were high-tech segment, trade and transport.

The largest volume of compromised data (excluding the "mega-leaks") took place in the high-tech companies and organizations in the field of education.

 

Topic of data leakage becomes more transparent.

We hope, in the near future we will be able to talk not only about leaks, data types, channel characteristics, but also about the evaluation of objects of protection, compromised as a result of the incidents, about the real financial loss as a result of data leakage from specific companies.

Full version, pdf - 3,12 MБ