Photo by Chris Ried on Unsplash

2017 was the “worst year on record” for data breaches

Unintentional exposures revealed 5.4 billion records.

It should come as no surprise to anyone following this blog that 2017 turned out to be the “worst year on record” for data breaches. According to the Data Breach QuickView Report from Risk Based Security, there were 5,207 breaches reported through the end of last year that exposed roughly 7.89 billion records.

Those numbers may evoke a resigned “sigh” for those of us who watch this space, but what was interesting was the way in which most of those records were exposed. From the report:

Unintentional exposure of sensitive date via the Internet reached staggering heights in 2017, with 5.4 Billion records exposed due to inadvertent publication, misconfigured services and leaky portals.
…the vast majority of breaches originate outside of the organization but insider actions expose data at a rate of nearly 2 to 1 compared to outsider activity. (Emphasis ours)

So outside hacks were the leading cause of data breaches, but more records were exposed because of people within organizations.

If you handle sensitive data in the cloud — don’t become a statistic. Take action now to secure your information. First thing you can do is run a free Marshal scan to see what sensitive data you are holding. Are there Social Security numbers or credit card numbers sitting in your Box, Dropbox, Google Drive or Microsoft OneDrive accounts? Marshal will securely let you know.

While you’re cleaning up your digital house, check out this list of cyber preparedness best practices from It’s got eight great recommendations, including:

Implement a user security policy. Employees are, arguably, a company’s best asset. But they can also be its weakest link. Employees are the ones, after all, who share passwords over social channels, click on shady or suspect links and visit unauthorized sites. Their poor choices will render even multimillion-dollar security technology ineffective. And criminals know this, targeting employees through phishing and other scams. To help reduce the vulnerabilities introduced by human error, companies should manage endpoints like laptops and smartphones, and leverage antivirus software and a secure configuration policy that eliminates high-risk actions.

Marshal can help here as well. Not only will Marshal tell you if you are storing sensitive data, more importantly, it will also alert you if that data is still being shared. Do ex-employees have access? Is a public link available? Marshal can help you find inadvertent or forgotten exposures so you can close them off.

Let’s all be smarter about data protection in 2018, and let 2017 keep its “worst year” title for good.