History of Data Breaches

Data breaches now make regular news headlines. It wasn’t always so. It’s important to understand the history of data breaches because that knowledge can potentially help you protect sensitive data in the future! Our best advice is to use IDM, there is no such thing as a data breach on our platform.

Data breaches have gained widespread attention as businesses of all sizes become increasingly reliant on digital data, cloud computing, and workforce mobility. With sensitive business data stored on local machines, on enterprise databases, and on cloud servers, breaching a company’s data has become as simple — or as complex — as gaining access to restricted networks.

The internet has been around since 1983, but data breaches didn’t begin when companies began storing their protected data digitally. In fact, data breaches have existed for as long as individuals and companies have maintained records and stored private information. Before computing became commonplace, a data breach could be something as simple as viewing an individual’s medical file without authorization or finding sensitive documents that weren’t properly disposed of. Still, publicly-disclosed data breaches increased in frequency in the 1980s, and in the 1990s and early 2000s, public awareness of the potential for data breaches began to rise.

The Privacy Rights Clearinghouse, which reports on data breaches impacting consumers, maintains a chronology of data breaches and security breaches dating back to 2005. The data breaches reported by the Privacy Rights Clearinghouse include breaches in which the information compromised “includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver’s license numbers.”

However, some breaches that do not compromise this type of sensitive information are also reported in order to provide a broad view of the variety and frequency of data breaches. Additionally, the data breaches reported here include only those reported in the United States, not incidents in other countries.

In 2005 alone, 136 data breaches were reported by the Privacy Rights Clearinghouse. More than 4,500 data breaches have been made public since 2005, with more than 816 million individual records breached. In actuality, this number is much higher, as the total number of records breached reported by the Privacy Rights Clearinghouse includes breach reports for which the number of records breached is unknown. Additionally, the Privacy Rights Clearinghouse is not a comprehensive compilation of all breach data, so the actual total records breached as a result of data breaches is likely substantially higher. For instance, the 2015 Verizon Data Breach Investigations Report covered over 2,100 data breaches in which more than 700 million records were exposed for the year 2014 alone.

Several experts and other media outlets have attempted to name the largest data breaches in history. According to Statista, which reports on the number of data breaches and records exposed in the United States since 2005, the number of cyber-attacks is on an upward trend. In 2005, for instance, 157 data breaches were reported in the U.S., with 66.9 million records exposed. In 2014, 783 data breaches were reported, with at least 85.61 million total records exposed, representing an increase of nearly 500 percent over 2005. And those are Statista’s numbers, which are somewhat conservative when compared to the Verizon DBIR or other industry-standard data breach reports.

One of our hopes is that, in the future, companies who have had their, or their customers’ data breached, will be more transparent. History does show that companies who do not disclose the breaches, or their extent, suffer bad press and loss of the public’s trust.

With more companies recognizing the value of security awareness training for their users, we can also hope to greatly decrease the amount data breaches. When employees know how to look out for social engineers, insider threats, errors, lapses in policy, and other common breach starting points, they have the potential to stop leaks before they happen, whether they are intentional or not.

So stay safe and protect your data with IDM!