Criminals Obtain 2.8 Billion Consumer Records In
By Robert Vamosi, CISSP and senior product marketing manager, ForgeRock
Cybercriminals exposed 2.8 billion consumer data records in 2018, costing U.S. organizations over $654
billion according to a new report from ForgeRock.
The report covers data breaches affecting customer data only from January 1, 2018 through March 31,
- While these are a mix of sensitive and non-sensitive sets of data, both are valuable to a criminal
who can use a name, birth date, and social security number, along with someone’s email in order to build
a synthetic identity used to impersonate someone online. Given this, Personal Identifiable Information
(PII) was the leading type of data breach in 2018, at 97 percent.
Among cybercriminals, the most frequent attack method used in 2018 was unauthorized access,
comprising 34 percent of all data breaches. The Identity Theft Resource Center (ITRC), upon whose
research the report uses, defines "unauthorized access" as "a catch-all identifier and not an accurate
reflection of the true method of intrusion." As used here, one can infer from the study’s context that the
attacks involved using stolen credentials, namely weak usernames and passwords. A criminal could take
a username or email and then use a guesswork or an automated tool such as John the Ripper or HashCat
to find the associated password. Once credentialed, a criminal would then seek access to customer or
employee databases.