Looking back at the size of data breaches
Verizon’s recent 2011 Data Breach Investigations Report (PDF) seems to show that very few records were exposed by data breaches in 2010. The report says that all of the breaches that Verizon investigated in 2010 together exposed only about 3.9 million records.
That doesn’t mean that only 3.9 million records were exposed in 2010.
The Open Security Foundation’s data breach database lists breaches in that year that exposed over 28 million records. So although the amount of data that was exposed through data breaches was lower in 2010 than it was in the previous few years, there was still a significant amount of data exposed, much more than the 3.9 million records that Verizon’s investigators looked at.
A breach that exposes 5 million records doesn’t really look that big when it’s compared to other recent breaches. Here’s a graph that I created with IBM’s Many Eyes data visualization tool. It shows the relative size of recent data breaches (from the Open Security Foundation’s data breach database), with a single breach of 5 million records highlighted.
This seems to tell us that a breach that exposes 5 million records really isn’t very notable.
If a breach that exposes 5 million records really isn’t that notable, that’s a sure sign that we’re losing way too much data.
Data breaches that expose 1 million or more records aren’t really that rare. There have been over 50 of these since 2006, or almost one per month. And if you look at how much data has been exposed by data breaches, 1 million records doesn’t really look like that many. Here’s a graph that shows this. The single highlighted breach exposed 1 million records.
Excerpted from recent posts about data breaches by Luther Martin