Data breaches fell in number by 58% in the first quarter of 2020 compared with the same quarter in 2019 -- largely because of reporting disruptions caused by COVID-19 and the unusually high level cited in Q1 last year, according to 2020 Q1 Report, a study by Risk Based Security.
A total of 1,196 breaches were reported in first-quarter 2020 -- the lowest number in that time frame since 2016. But this should not be seen as part of a pattern.
“The turmoil that the pandemic has brought has created a unique opportunity for malicious actors and a stressful environment primed for mistakes,” states Inga Goddijn, executive vice President, Risk Based Security. “Once the dust settles, we anticipate the number of reported breaches will be on par with, if not exceed" the levels for 2019, she said.
Moreover, the sheer number of records exposed skyrocketed by 48% in first-quarter 2020, mostly because of a misconfigured ElasticSearch cluster that compromised 5.1 billion records. It was the worst quarter on record since the company began tracking data breaches in 2005.
Of the reported breaches in Q1 2020, 70% were due to unauthorized access to systems or service. And 90% of the exposed records were leaked due to “exposing/publishing data online,” the study continues.
Overall, 11 breaches exposed more than 100 million records each, and five breaches produced totals of 10 million to 99 million in the first quarter of this year.
On the positive side, 68% of the breaches with confirmed counts exposed less than 1,000 records in this year's first quarter, the study says.
Of the records exposed, email addresses were included in 54.4% of the breaches -- down from 76% in first-quarter 2019 -- but email still tops the list in 2020.
Passwords were revealed in 48.7% of the cases and names in 31.9% in first-quarter 2020.
The health care industry was hardest hit in the first quarter of this year in terms of the number of breaches: