Over 36.6 million records breached in India, says Gemalto report

World leader in digital security Gemalto released the findings of the Breach Level Index revealing that 33 reported data breaches led to almost 36.6 million data records being compromised in India during 2016, an increase of 14 percent compared to 2015.

Identity theft and unauthorized access to financial data were the leading type of data breaches in 2016, accounting for 73 percent of all data breaches. In addition, 61 percent of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported in India.

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted.

By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful (scores run 1-10).

According to the Breach Level Index, more than seven billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. Breaking it down that is over three million records compromised every day or roughly 44 records every second.

Last year, the account access based attack on AdultFriend Finder exposing 400 million records scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines' Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.6).

Also featuring in the top 10 breaches of 2016 is the breach in Kerala region, where 34 million Keralites were affected by the massive data leak of sensitive information such as income, name and date of birth.

In fact the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, State Bank of India (SBI) blocked millions of their debit cards as a precautionary step after some suspicion transactions were reported.

This highlighted the risk faced by the sector in India and the consequently lead to talks of establishing a formal Computer Emergency Response Team for the financial sector (CERT-Fin)[3]. Additionally, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but are not accounted for in the BLI's 2016 numbers since they occurred in 2013 and 2014.

"The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid," said vice president and chief technology officer for Data Protection at Gemalto, Jason Hart.