Under tremendous pressure from Unique Identification Authority of India (UIDAI), Gemalto has backtracked from its finding of 1.2 billion Aadhaar data breach in the first half of 2018, which it had stated in a recently released global report – Breach Level Index Report 2018.
“Gemalto profusely regrets on its Breach Level Index Report 2018 and the subsequent press release issued in India on 15th October where it has by mistake taken into account an unverified news article about alleged Aadhaar data breach,” said a company spokesperson to TechObserver.in.
Breach Level Index is a global database of public data breaches which cybersecurity firm compiles and shares with the public. The report published on September 18 had stated that in the first six months of 2018, almost one billion records were compromised in Aadhaar breach incidents, including name, address and other personally identified information. On October 15, the company had shared the press release stating these findings. Subsequently, it was covered by many media organizations in India.
Now, the Netherlands-based firm said that its assessment of Aadhaar data breach was based on a news report published The Tribune. “We have not been able to track any verified or substantiated data breach of Aadhaar database of UIDAI. As a result, Gemalto has withdrawn this alleged data from the Breach Level Index,” said the company.
According to an updated statement from the company, the 944 data breaches led to 3.2 billion data records being compromised worldwide in the first half of 2018. Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 72 percent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident. Earlier, it had reported 945 data breach cases.
The company said that a total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 percent of total records compromised. Of the 944 data breaches, 189 (20 percent of all breaches) had an unknown or unaccounted number of compromised data records.
“Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections,” said Jason Hart, vice president and chief technology officer for data protection, Gemalto.
“We also expect to see more data breaches reported by European Union countries bound by the new General Data Protection Regulation and in Australia with the new Notifiable Data Breaches law. We should be careful not to misconstrue this as an increase in overall incidents in these areas but rather as a more accurate reflection of what is actually going on,” he added.
According to Gemalto, the primary sources of data breaches are malicious insiders as they caused the largest percentage of data breaches and accounted for almost 80 percent above of all stolen, compromised or lost records in 2018 while malicious outsiders accounted for 20 percent in India.
The cybersecurity firm asserted that identity theft continues to be the leading type of data breach, as it has been since Gemalto first started tracking in 2013. “While the number of identity theft breaches decreased by 60 percent over the second half of 2017, the number of records stolen through these incidents represent over 42 percent of all records stolen,” said the report.
As far as the geographic distribution of data breaches is concerned, North America still makes up the majority of all breaches and the number of compromised records with 59 and 97 percent respectively, said the report.
The report stressed that the United States was still by far and away the most popular target for attacks, representing more than 57 percent of global breaches and accounting for 97 percent of all records stolen, though overall incidents are down 17 percent over the prior half. India accounts for less than one percent of the global breaches in terms of records compromised or stolen or revealed.
With the implementation of the Notifiable Data Breaches law, the number of incidents in Australia increased dramatically from 18 to 308 as could be expected. Europe saw 36 percent fewer incidents but a 28 percent increase in the number of records breached indicating growing severity of attacks. The United Kingdom remains the most breached country in the region. With the General Data Protection Regulation in full effect for the second half of 2018, the number of reported incidents could begin to rise, said the report.