The total number of publicly reported breaches in Q1 2020 has decreased by 58% compared to the same period last year, Risk Based Security reveals.
Publicly reported breaches in Q1 2020 drop dramatically compared to 2019
Despite this, the number of records exposed for this quarter skyrocketed to 8.4 billion – a 273% increase compared to Q1 2019, and a record for the same period since at least 2005, when detailed reporting began.
“Although the total number of publicly disclosed breaches in Q1 2020 dropped dramatically compared to 2019, this should not be interpreted as a decline in breach activity,” commented Inga Goddijn, Executive Vice President at Risk Based Security.
“We observed two factors driving this change. First, a large number of illicit data leaks and dumps were identified in early 2019, resulting in a temporary spike in activity. Similar spikes had been captured in the fall of 2018 and 2017, but this trend was absent from the start of 2020.
“The second factor is the disruption triggered by COVID-19. As the virus spread, so did a decline in breach disclosures. The turmoil that the pandemic has brought has created a unique opportunity for malicious actors and a stressful environment primed for mistakes.
“Once the dust settles, we anticipate the number of reported breaches will be on par with, if not exceed, 2019.”
A misconfigured ElasticSearch
The report explores in further detail how the pandemic, and the ensuing economic impact, has laid the groundwork for successful cyber attacks.
“The increase in records compromised was driven largely by one breach; a misconfigured ElasticSearch cluster that exposed 5.1 billion records. But even if we adjusted for this incident, the number of records still increased 48% compared to Q1 2019” commented Inga Goddijn, Executive Vice President at Risk Based Security.
“On average, hacking exposed an average of approximately 850,000 records per breach and most breaches originated from outside the organization. We are continually finding that simply meeting regulatory standards or contractual obligations do little to actually prevent a breach from occurring.”
UPDATE: 7:54 AM PT – The number in the headline and the article has been update after Risk Based Security discovered an error in their report and reached out to Help Net Security.