Payment-security technology provider Gemalto NV reported Wednesday that, around the world, some 1.9 billion records were compromised by data breaches in 2017’s first half, up 164% from 721 million records compromised in the last six months of 2016.
The outlook for 2017’s second half is grim in light of the massive hack at Atlanta-based credit-reporting agency Equifax Inc., which compromised 143 million credit records and 209,000 payment card numbers.
Amsterdam-based Gemalto, which has its U.S. headquarters in Austin, Texas, said its latest Breach Level Index Report—based on a database of publicly known data compromises—tracked 918 breaches, up 13% from 815 in 2016’s second half.
Some 22 of the 2017 breaches compromised 1 million or more records. The single biggest one involved a reported spam operation called River City Media, which failed to back up its database, leading to the unwitting exposure of 1.34 billion email records.
Payment card and bank-account numbers compromised in the 2017 breaches were not immediately available. But Gemalto said the financial-services industry suffered 125 breaches, 14% of the total and up 29% from the previous six months, resulting in 5 million stolen records. While that last number represented less than 1% of the total stolen, it still was up 389% from the previous six months.
Retailers, meanwhile, sustained 112 breaches, 12% of the total and down 10% from 125 in 2016’s back half. Some 4 million records were compromised, one-fourth the number in the preceding six months.
Just 4.6% of breaches involved data that were defended by encryption, Gemalto said. And there could be many more records compromised. Gemalto noted that in 59% of the breaches, the number of records exposed is unknown.
Meanwhile, the news for Equifax keeps getting worse. An Atlanta law firm on Wednesday filed what it said is the first class-action suit against the firm on behalf of the nation’s 28 million small businesses. That’s on top of an unknown number of proposed consumer class actions filed since Equifax disclosed the breach Sept. 7. An Equifax spokesperson did not immediately respond to a Digital Transactions Newsrequest for comment. The state of Massachusetts sued Equifax on Tuesday on behalf of 3 million state residents reportedly affected by the breach.
Various media reports have said hackers first invaded Equifax’s computer systems in March, about two months before the breach Equifax disclosed two weeks ago that involved a compromise from May to July. While the March intrusion was widely portrayed over the past day as a new revelation, the KrebsOnSecurity news site said it in fact was publicly known, having been first reported by Krebs in May. The March breach resulted from hackers allegedly exploiting weak data security in Equifax’s payroll service, Krebs said.