With 4.1 Billion Records Exposed in Six Months, 2019 Is On Course To Be Record Year For Data Breaches -- Security Today

With 4.1 Billion Records Exposed in Six Months, 2019 Is On Course To Be Record Year For Data Breaches

Only eight breaches were responsible for the exposure of 3.2 billion records in the first half of the year, according to new research.

By Haley Samsel
Aug 22, 2019

In the first six months of 2019, 4.1 billion compromised records were exposed in more than 3,800 publicly disclosed breaches, according to a new study published by Risk Based Security, a security research firm.

While security breaches have been in the headlines all year long, a large majority of the records ⁠— 3.2 billion ⁠— were revealed in just eight breaches. The largest of those breaches involved Verifications.io, a company that approves email addresses for third-party customers. That breach of nearly a billion names, email addresses and other personal information was due to an unsecured database that was openly accessible online, 24/7 Wall Street reported.

The second largest breach also involved a massive 885 million real estate transaction records, which were maintained by First American Financial. Cultura Colectiva, a Mexico-based digital media company, exposed 540 million Facebook users’ data through a misconfigured database in the third-largest leak.

Based on the number of records leaked, all three were among the top 10 breaches of all time, 24/7 Wall Street reported.

But while Risk Based Security analyzed the largest breaches, it also found that a large majority of breaches reported in early 2019 had a “moderate to low severity score,” meaning they exposed 10,000 or fewer records. As Forbes notes, this is because small businesses are often easy targets for hackers due to their lack of cybersecurity protections for their data.

“Quarter after quarter the pattern has repeated itself,” said Inga Goddijn, executive vice president at Risk Based Security. “The vast majority of incidents are attributable to malicious actors outside an organization. Unauthorized access of systems or services, skimmers and exposure of sensitive data on the Internet have been the top three breach types since January of 2018.”

The business sector was responsible for 67 percent of the reported breaches and nearly 85 percent of the exposed records, the firm found. And while only 149 of the 3,813 incidents involved misconfigured databases and services, those breaches exposed over 3.2 billion records. Indeed, just this week, a security researcher discovered that MoviePass, the movie ticket subscription service, exposed customer credit card numbers by not protecting a crucial database with a password.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

The Living Link: How “People Problems” Impact Security
12/23/2025
Smarter UPS Strategies Strengthen Critical Infrastructure Security
12/19/2025
CMMC 2.0 Is Here: What DoD Suppliers Need to Know Now?
12/19/2025
Netwatch Announces Agreement to Be Acquired by GI Partners
12/17/2025
Security LeadHER Opens Call for Speakers and Registration for 2026 Event
12/17/2025
Acoem Secures Critical Infrastructure for Large Utility Company with Advanced Gunshot Detection System
12/15/2025
Registration for ISC West 2026 Now Open
12/10/2025
Allied Universal Announces Sale of Controlling Stake in AMAG Technology to Shore Rock Partners
12/09/2025

Featured

Security Industry Association Announces the 2026 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now
- Artificial Intelligence
The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now
- Access Control
A Look at AI

Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now
- Artificial Intelligence
First, Do No Harm: Responsibly Applying Artificial Intelligence

It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now
- Artificial Intelligence
Improve Incident Response With Intelligent Cloud Video Surveillance

Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now
- IP Video

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”