IBM Billions of Records of PII Info Leaked in 2014
2014 has been nicknamed as ‘Year of the Data Breach’ as it has earned the distinction on the basis of quantity. A quarterly report released recently by security firm IBM X-Force Threat Intelligence reveals that no less than 1 billion records of personally identifiable information (PII) were disclosed during the year.
The report reveals that the entire number of records breached in 2014 was almost 20% more than the number in 2013 (when 800 million records were revealed) and the number breached in the United States is 74.5%, which is much more than in any other country.
Infosecurity-magazine.com published news on 16th March, 2015 quoting Leslie Hornacek, IBM X-Force Threat Response Manager, as saying “If you think year 2014 is similar to a never-ending roller coaster ride of thrills within the world of Internet security, you will not be the only person. We have witnessed the attacks applying creative novel approaches to fundamental attack types like SQLi, DDoS and malware.”
She added that while every breached record does not essentially indicate an individual user, it is still an important percentage of the Internet-connected populace that experienced some kind of loss as a result of security occurrences in 2014.
Regarding vulnerabilities, X-Force has categorized more than 9,200 flaws affecting in excess of 2,600 unique vendors. This is a new record which represents a 9.8 % increase as compared to the previous year. It is important to note that the database of X-Force includes bugs which don’t have a CVE identifier.
Many security holes which were disclosed last year affected foundational systems like content management systems (CMS), operating systems and widely-used open source libraries. Flaws have been identified in Windows, Linux, WordPress, OS X, Drupal, Joomla, OpenSSL (Heartbleed), UNIX bash shell (ShellShock) and SSL (POODLE).
The report has also pointed out that 2014 was a year in which several so-called “designer vulnerabilities” were disclosed. These flaws are not only dangerous but also have a cleverly branded logo and name.
Securityweek.com published news on 16th March, 2015 quoting Horacek as saying “These designer flaws appeared within long-held foundational frameworks used by most websites and they continued all through 2014 gathering appealing names like Heartbleed, POODLE and, Shellshock, into 2015, FREAK and Ghost.”