Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches

An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse.
The report is based on an independent study of publicly reported breach data that a professor at the Massachusetts Institute of Technology conducted for the tech giant.
It showed that ransomware campaigns and attacks on trusted technology vendors contributed to a sharp increase in data breaches and the number of records compromised in these breaches over the past two years.
Billions of Compromised Records In 2021 and 2022, data breaches exposed a staggering 2.6 billion personal records - some 1.5 billion of them last year alone.
The total number of data breaches in the first nine months of 2023 alone is already 20% higher than the total for all of 2022.
Data from IBM's 2023 Cost of a Data Breach and a separate Forrester research study, quoted in the Apple report, showed that 95% of organizations that experienced a recent breach had experienced at least one other previous breach.
Seventy-five percent had experienced at least one data compromise incident in the previous 12 months.
Ransomware and vendor attacks contributed in a major way to the sharp increase in data breaches and resulting compromise of sensitive records.
Some 50% more organizations reported experiencing a ransomware attack in the first half of 2023 compared to 2022, and the number appears to be trending even higher in the back half of the year.
The study also found that 98% of organizations currently have a relationship with a technology vendor that has experienced at least one recent data breach.
Examples in the report of breaches involving vendors and vendor technologies that had an impact on a broad number of organizations and individuals include ones at Fortra, 3CX, Progress Software, and Microsoft.
Breaches Heighten Need for Encryption The need for organizations to encrypt data - while it is in use, in transit, and at rest - is a long recognized issue.
Few dispute the effectiveness of data encryption in protecting stolen data against misuse and in rendering stolen data useless to those who steal it.
Several regulations and industry mandates - such as PCI DSS, HIPAA, GLBA, and the EU's GDPR - require or recommend encryption, especially for stored data and for data in transit.
Encryption makes data unreadable to unauthorized parties, greatly reducing the risk of data exposure even in the event of a data breach, he says.
Many organizations - as Apple's study and that from others suggest - have continued to drag their feet on data encryption for a medley of reasons.
The rapid and growing adoption of cloud computing is another factor that organizations need to factor in when considering encryption plans.
Data that Apple's study reviewed showed that 80% of breaches involved data stored in the cloud.
Encrypting such data can be more challenging than encrypting data on premises.
Finally, he recommends that organizations take advantage of the shared responsibility model that many cloud providers and leading SaaS vendors offer that allow organizations to give users many advanced encryption features at the click of a button.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 08 Dec 2023 22:35:21 +0000


Cyber News related to Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches

Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
7 months ago Infosecurity-magazine.com
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches - An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported ...
1 year ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Electronic Frontier Foundation - We're not just talking about the ballot box, but the everyday power we all have to demand government agencies make their records and data available to public scrutiny. At every level of government in the United States, there are laws that empower the ...
9 months ago Eff.org
Critical insights into Australia's supply chain risk landscape - Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as ...
9 months ago Tripwire.com
Record Surge in Data Breaches Fueled by Ransomware and Vendor Exploits - According to a recent report from Apple and a Massachusetts Institute of Technology researcher, the United States has witnessed a record-breaking surge in data breaches, fueled by increased attacks on third-party vendors and a rise in aggressive ...
1 year ago Cysecurity.news
Apple-backed data breach report says 2.6 billion records leaked in 2 years - An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022. The report by MIT Professor of Information Technology Stuart Madnick, published Thursday, said breaches were up by 20% in the first three ...
1 year ago Scmagazine.com
Third-party breaches hit 90% of top global energy companies - A new report from SecurityScorecard reveals a startling trend among the world's top energy companies, with 90% suffering from data breaches through third parties over the last year. This sheds light on the need for these energy companies to adopt a ...
10 months ago Securityintelligence.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
10 months ago Securityzap.com
Data Protection in Educational Institutions - This article delves into the significance of data protection in educational institutions, emphasizing three key areas: the types of educational data, data privacy regulations, and data protection measures. Lastly, robust data protection measures are ...
11 months ago Securityzap.com
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - A study commissioned by Apple shows that an estimated 2.6 billion personal records were compromised as a result of data breaches in the past two years, which, according to the tech giant, highlights the need for end-to-end encryption. It provides a ...
1 year ago Securityweek.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
9 months ago Venturebeat.com
2023 Sees Record Data Compromises Amidst Changing Tactics - Last year saw a nearly 80% surge in data compromises compared to 2022, with 3,205 incidents recorded, according to a report from the Information Theft Resource Center. Despite the surge in breaches, the number of victims impacted saw a 16% decline ...
10 months ago Securityboulevard.com
Surge of swatting attacks targets corporate executives and board members - At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would ...
1 year ago Csoonline.com
Android game dev's Google Drive misconfig highlights cloud security risks - Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. The ...
11 months ago Bleepingcomputer.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
7 months ago Eff.org
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
11 months ago Silicon.co.uk
Refocusing on Cybersecurity Essentials in 2024: A Critical Review - As we enter 2024, it is a good time to reflect on the cybersecurity landscape of the past year. The insights gained from the preceeding 12 months can guide us in charting a course to mitigate the risk of falling victim to data breaches in the ...
11 months ago Securityweek.com
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
1 year ago Eff.org
900+ websites Exposing 10M+ Passwords: Most in Plaintext - Over 900 websites inadvertently expose over 10 million passwords, many of which are in plaintext, alongside sensitive billing information and personally identifiable information of approximately 125 million users. This massive data exposure is ...
9 months ago Gbhackers.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
Wyden Releases Documents Confirming the NSA Buys Americans' Internet Browsing Records - PRESS RELEASE. Washington, D.C. - U.S. Senator Ron Wyden, D-Ore., released documents confirming the National Security Agency buys Americans' internet records, which can reveal which websites they visit and what apps they use. In response to the ...
10 months ago Darkreading.com
Biggest Data Security Threats for Businesses: Strategies to Strengthen Your Defense - With cybercriminals continuously evolving their strategies to target sensitive data with sophisticated attacks, data security has become a universal priority-no matter the size of your business. With the right strategies, such as regular security ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)