Millions have data leaked, stolen worldwide

TOM PULLAR-STRECKER
Last updated 14:31 13/12/2012

Relevant offers

Digital Living

Google wants to know when users, tempted by an online advert, go to the shops Leaked: hundreds of internal Facebook documents on sex, violence, and terrorism Businessman's ransom nightmare at the hands of cyber hackers Instagram is the worst social network for young people's mental health Google's focus on AI means it will get even deeper into our lives Computer course helping 'digitally disadvantaged' saves ailing mother's family Online retail giants force NZ businesses to implement digital strategies Cyberattack hits at least 200,000 victims in 150 countries British researcher Marcus Hutchins finds kill switch, 'accidentally' stops malware crippling computers worldwide New Zealand upping digital security after 'massive' worldwide cyberattack

The number of people who had personal information hacked, leaked or lost jumped by 40 per cent to 160 million this year, according to KPMG.

The consulting firm calculated the tally by adding up those affected by 835 known major data breaches.

Those included the loss of 6.5 million user passwords in June by social networking site LinkedIn, the loss of 1.5 million people's credit card details by financial services firm Global Payments and the loss by clothing retailer Zappos in January of the personal details - including physical and email addresses - of its 24 million customers.

Just over two-thirds of the personal information was compromised as a result of hacking attacks, KPMG said. Credit cards details and passwords used to access online service were often what was being sought.

Just over half of the data breaches occurred at commercial businesses but there had been no improvement in the security of information held by governmental and healthcare organisations, KPMG said.

Director Philip Whitmore said it had observed a shift from the accidental loss of data to deliberate theft "either to steal or re-sell the data, or sometimes simply for fun or to make a great headline".

"Several of the world's largest companies have been targeted over recent months by hackers who have grown in sophistication. It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon," he said.

Most data breaches went unpublicised, KPMG believed.

New Zealand's Privacy Commissioner, Marie Shroff, labelled 2012 the "year of the data breach" last month in the wake of high-profile scares at ACC and Work & Income.

A report by her office said 71 Kiwi organisations had fessed up to losing people's information this year, triple the number last year. It believed many organisations were choosing to own up because of publicity surrounding the ACC and Work & Income cases.

The Law Commission last year recommended making it mandatory for organisations to report "serious" data breaches, taking into account their size and sensitivity, and how, by whom and why lost information might be used.

However, it acknowledged there was no evidence internationally that such a regime would make data breaches less common. KPMG has backed such a law change but Business New Zealand boss Phil O'Reilly said last year that criminal sanctions would be heavy-handed and unjustified.

Ad Feedback

- Stuff

Comments

Special offers

Featured Promotions

Sponsored Content