Data breach analysis

In 94% of the leaks recorded over the last six months, the exposed data was of direct use to scammers. In most cases, the breach was caused by an insider.

SearchInform analyzed the breaches that occurred in the first half of 2020. By an incident we mean any known leak of personal data: databases offered for sale on the darknet, service vulnerabilities such as unprotected database servers exposed to the internet, employee negligence, and so on. In total, SearchInform analysts recorded 33 serious incidents affecting government bodies, private companies, and medical organizations (see the diagram).

Government bodies were among the most affected, with five incidents recorded.

Six incidents occurred in the retail sector, in both brick-and-mortar retail chains and online shops.

Telecom companies also rank among the leaders in data leaks. Reports show that insiders were behind 100% of those leaks, and the main motive was financial gain.

The financial sector is also vulnerable to data breaches: there is a steady supply of databases from insurance companies and banks on the darknet. The most notorious incident of the first half of the year was a leak from a microfinance organization that put the personal data of 12 million people up for sale.

We confirmed six leaks in medical institutions, all of them organized by insiders.

"We conclude that medical institutions are among the most vulnerable to data loss. While collecting and processing the most critical data about patients, clinics and hospitals do not put enough value on their cybersecurity. Our research shows that two-thirds of medical institutions experienced data leaks last year. The pandemic situation this year has shown that these leaks can lead to real bullying and harassment," comments Alexey Drozd, Head of the Information Security Department at SearchInform.

Research shows that insiders are likewise the most frequent cause of incidents in other sectors. SearchInform estimates that 19 of the 33 incidents resulted from deliberate actions by employees who had legitimate access to the data. The disclosure happens primarily through abuse of that authorized access (at least 11 incidents).

The remaining incidents can be classified as mistakes or negligence. Examples include improper disposal of paper documents (piles of passport copies, driver's licenses, handwritten statements, insurance policies, payment receipts), technical errors (for example, a publicly accessible MongoDB database that exposed the customer data of the Alfa-Credit broker), and service vulnerabilities (as in the case of the fine payment system).

"It is not always possible to determine the true cause of a data leak. However, even in these cases there are indirect signs that hackers commonly exploit employee negligence and look for accomplices among insiders; by doing this, hackers simplify their attacks and reduce their cost. Therefore, protection from insider risks should always be a priority," comments Alexey Drozd.

In total, SearchInform analysts counted 173 million leaked records, counting only those leaks whose size could be estimated. In 94% of cases, the compromised information is sensitive enough for attackers to use it for fraud.

"6% of the leaks involve relatively innocuous data sufficient only to identify users on a particular site. However, because many users reuse the same usernames and passwords on different resources, compromising even this type of information can lead to unwanted consequences. That is, when data from one account has leaked, several accounts can be hacked as a result. Couple that with the fact that most users do not use two-factor authentication," says Alexey Drozd.
"The bad news is that these leaks concern health data and trade secrets, and the privacy of correspondence is violated as well. All this data makes a juicy tidbit for scammers. Thus, the more information hackers have up their sleeve, the more likely they are to attack a particular person."

SearchInform is one of the leading cybersecurity and risk management vendors. For over a decade, the company has been a technological trailblazer focused on contemporary cybersecurity threats, protecting businesses and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audits.
