A new report has revealed that 888 data breaches occurred in the first half of this year, an increase of 10%, when compared to the same period last year.
The number of compromised data records has have however dropped by 41% to 246 million in the first six months due to a fewer number of large scale mega breaches in the retail industry.
According to the report, large data breaches continued to expose huge amounts of personal data and identities, despite the drop in compromised records.
An identity theft attack on Anthem Insurance was the largest breach, exposing 78.8 million records, accounting for 32% of the entire data records stolen in the first half.
The breach at the US Office of Personnel Management exposed 21 million records. Other breaches include a 50-million-record breach at Turkey’s General Directorate of Population and Citizenship Affairs and a 20-million-record breach at Russia’s Topface.
Gemalto’s 1H 2015 Breach Level Index Report revealed that the top 10 breaches represented 81.4% of all compromised records.
Gemalto vice president and chief technology officer for data protection Jason Hart said: "What we’re continuing to see is a large ROI for hackers with sophisticated attacks that expose massive amounts of data records.
"Cyber criminals are still getting away with big and very valuable data sets. For instance, the average healthcare data breach in the first half of 2015 netted more than 450,000 data records, which is an increase of 200 percent compared to the same time last year."
The number of state-sponsored attacks accounted for only 2% of data breach incidents, however the number of records compromised totaled 41% of all records exposed.
Malicious outsiders accounted for 62% of breaches, compared to 58% in H1 2014. About 46% of the total compromised records were attributable to malicious outsiders.
Identity theft accounted for 75% of all records compromised and 53% of data breaches in the first half of this year.
Hart said: "While the number of data breaches fluctuates, it’s still clear that breaches are not a matter of ‘if’ but ‘when.’.
"Although more companies are encrypting data, they are not doing it at the levels needed to reduce the magnitude of these attacks.
"What is needed is a data-centric view of digital threats starting with better identity and access control techniques including multi-factor authentication and strong encryption to render sensitive information useless to thieves."