While large-scale breaches like Equifax, Deloitte, and Yahoo may have dominated headlines in 2017, there were countless other data breaches that occurred and went largely unreported last year. 

In fact, a recently released 2017 data breach report from Risk Based Security (RBS), a provider of real time information and risk analysis tools, revealed a 305% increase in the number of records exposed in data breaches in the past year compared to 2016.

For its latest report, RBS analyzed breach reports from the first 9 months of 2017. In a recent blog post, the firm explained that 2017 has been “yet another ‘worst year ever’ for data breaches.” 
The pace of disclosures began to steadily increase in July, peaking in September with over 600 reported breaches reported for the month. In Q3 of 2017, there were 1,465 data breaches reported, bringing the total number of publicly disclosed data breaches to 3,833 incidents for the year. In 2017, more than 7 billion records were exposed or stolen.

“The events at Equifax dominated the news in Q3 – and rightly so,” commented Inga Goddijn, Executive Vice President for Risk Based Security. “The breach stands out for so many reasons, ranging from the sheer size of the data loss to the poor handling of the response. But the attention masked several other events such as the Sonic and Piriform compromises that, in any other month, would be high profile breaches in their own right.”

The majority of exposed records in 2017 came from five breaches, accounting for approximately 78.5% of all records exposed.

The top severity breaches impacted DU Caller Group (2,000,000,000 user phone numbers, names and addresses exposed), NetEase, Inc. (hackers stole 1,221,893,767 email addresses and passwords), River City Media, LLC (1,374,159,612 names, addresses, IP addresses, and email addresses, and an undisclosed number of financial documents, chat logs, and backups exposed), EmailCar (267,693,854 email addresses and phone numbers exposed), and Deep Root Analytics (198,000,000 voter names, addresses, dates of birth, phone numbers, political party affiliations, and other demographic information).

While the above are considered the top severity breaches of 2017 by number of records, the worst data breach experienced so far this year was the Equifax breach. The incident exposed the records of 145,500,000 individuals. Though the breach only ranks 18th on the list of the worst data breaches of all time, RBS rates it as the worst experienced data breach of 2017 due to the nature of data stolen by the hackers.

The lead source of this year’s data breaches, so far, was hacking. 1,997 data breaches were due to hacks, 433 breaches were due to skimming, 290 breaches were due to skimming, viruses caused 256 breaches, and 206 breaches were due to web attacks. While web attacks may have come in at fifth place in terms of the number of breaches, the attacks resulted in the greatest number of exposed records. These attacks accounted for 68.5% of the total exposed records; hacking accounted for 30.9%.

Over the past five years we’ve seen a steady rise in reported data breaches, increasing from 1,966 data breaches in 2013 to 3,833 in 2017. Year on year, the number of reported data breaches has increased by 18.2%. In addition, the number of exposed records has also increased each year. In 2016, 2.3 billion records were exposed in the first 9 months of the year. In 2017, the figure jumped to 7.09 billion.

The Risk Based Security 2017 Data Breach Report can be accessed here.


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.