At the end of 2016, Yahoo announced that one billion accounts had been compromised three years earlier in what was the biggest data breach in history. An unauthorised third party stole a range of data including names, email addresses, telephone numbers, dates of birth, and in some cases, the answers to security questions [1].
Unfortunately, this was a high-profile example of a growing trend. Nearly 1.4 billion data records were compromised in 2016, according to the Breach Level Index, a global database tracking the volume and severity of data breaches published by digital security consultancy Gemalto [2]. That was an increase of 86% from the previous year.
The vast majority of these data breaches occurred in North America (80%), followed by Europe (9%) and Asia-Pacific (8%). The other regions (South America, Africa and the Middle East) accounted for 2% or less. Healthcare was the most vulnerable industry, experiencing 28% of data breaches, followed by the government at 15% and retail and the financial sector at 12%.
For the third year in a row, identity theft was the most common form of attack with nearly 60% of the total. The number of breaches increased slightly from 2015, although the number of records stolen actually fell by a quarter. Other common forms of attack were access to financial institutions (18%) and general accounts (11%), especially at technology, entertainment or social sites.
Ransomware attacks, where data is stolen and held to ransom, became the favoured method among hackers in 2016. Several companies paid to retrieve data or prevent hackers shutting down their systems, while individuals were also forced to pay up if they didn’t want private information shared in public.
The organisations holding data are ultimately responsible for preventing breaches, but there are steps individuals can take to make their accounts more secure, particularly on the types of sites that hackers tend to target. One tip is to come up with a passphrase instead of a password. A passphrase is simply a longer password such as a song lyric or a quote that is much harder to hack. You should also be careful who you share personal information with, especially when you receive an unsolicited email or phone call. If in doubt, ignore the approach and contact the company in question directly. And while you probably invest in antivirus software for your computer, you need to protect your mobile devices too. You can prevent unwanted access to your mobile device using multi-factor authentication, security tokens and biometric identification, as we discussed in this post.