Proton: 300 Million Records Breached This Year
▼ Summary
– Proton’s new Data Breach Observatory has identified over 300 million compromised records from 794 data breaches this year through real-time dark web monitoring.
– Small and medium-sized businesses were disproportionately targeted, with companies of 10-249 employees accounting for 48% of breaches and those under 10 employees comprising 23%.
– The retail and wholesale trade sector was the most frequently breached industry at 25%, followed by technology providers at 15% and media/entertainment at 11%.
– Email addresses were present in 100% of exposed datasets, with names (90%), contact information (72%), passwords (49%), and sensitive records (34%) also commonly stolen.
– The service aims to provide early breach alerts to help individuals and organizations secure accounts, prevent identity theft, and minimize financial losses from undisclosed incidents.
A staggering 300 million individual records have been exposed in data breaches during the current year, according to new research. This alarming statistic comes from a recently launched monitoring initiative, the Data Breach Observatory, a collaborative effort between Proton, known for its email and VPN services, and Constella Intelligence. The service actively scans cybercrime forums and dark web marketplaces where stolen information is frequently bought and sold.
Their findings reveal that these 300 million records are connected to 794 distinct breach incidents. When accounting for larger aggregated datasets, the scope widens dramatically to 1,571 incidents, encompassing hundreds of billions of records. This paints a concerning picture of the sheer volume of personal data circulating in illicit online spaces.
Small and medium-sized businesses (SMBs) have emerged as the primary targets for cybercriminals this year. Companies employing between 10 and 249 people were victimized in nearly half of all recorded incidents, accounting for 48 percent. An additional 23 percent of breaches impacted organizations with fewer than 10 employees, showing that threat actors are aggressively pursuing what they perceive as softer targets with potentially weaker defenses.
The retail and wholesale trade sector experienced the highest frequency of attacks, representing a quarter of all breaches. Technology providers followed as the second most-targeted industry at 15 percent, with media and entertainment companies close behind at 11 percent.
An analysis of the stolen data reveals a clear pattern of what attackers are after. Email addresses were present in every single exposure. Names were compromised in 90 percent of incidents, while contact details like phone numbers and physical addresses appeared in 72 percent of the breaches. Passwords were stolen in 49 percent of cases, and sensitive information, including government or health records, was taken in over a third of the incidents.
Proton states that the Data Breach Observatory aims to increase public awareness of the booming market for stolen data. The service is designed to empower both individuals and corporations, enabling them to take proactive steps to mitigate the damage from serious security incidents. In many cases, it could provide an early warning of a breach before the affected organization itself becomes aware of or publicly discloses the event.
Eamonn Maguire, Proton’s Director of Engineering for AI and ML, explained the mission behind the new service. He stated that the goal is to uncover hidden breaches and immediately alert the impacted businesses and organizations. This initiative is part of Proton’s broader commitment to providing people and companies with the necessary tools for self-protection. He emphasized that receiving prompt alerts when credentials are compromised is critical for securing accounts, preventing identity theft, and reducing financial losses.
While dark web monitoring services are not a novel concept, with several vendors offering similar identity theft protection and breach intelligence, Proton’s approach combines automated tools, curated data feeds, and human expert analysis. Their partner, Constella Intelligence, maintains continuous surveillance on various dark web platforms where breached data is exchanged to identify new disclosures as they happen.
(Source: InfoSecurity Magazine)