The number of confirmed data breaches during 2018 reached 12,449, a 424% increase when compared with 2017, 47% of all compromised identity records having been exposed in breaches experienced by organizations from the United States and China.

4IQ, the identity intelligence company which published this report on the breached data landscape and trends, also discovered that, while the number of breaches saw a substantial boost last year, the average breach sized decreased to 216,884 records, a value 4.7 times smaller than the year before.

The company defines data breaches as confirmed incidents "where credentials, personal, medical, financial or other records with sensitive data have been accessed or disclosed due to being hacked or leaked, either deliberately or by accident."

The United States leads the ranks in the number of identity records exposed

The report also unearths the fact that crooks also switched their attention from harder to infiltrate large organizations and corporations to the less protected small businesses, a trend which also contributed to the massive four times increase in the number of breaches detected during 2018.

While on the whole United Stated data breaches haven't been as numerous as the ones from other countries, the size of the breaches contributed heavily to the large number of identity records being exposed throughout the year as part of US incidents, roughly 32% of the total number of curated records detected in such incidents around the world.

Geographic distribution of breaches

2018 also saw an important 71% jump in underground activity, with 14.9 billion raw identity stolen records being circulated and exchanging hands, although only 3.6 billion of them were new and authentic.

"As our personal data continues to get exposed and circulated in underground markets, the problem of identity-based attacks is only growing," said 4iQ CEO Monica Pal.

Also, "Consumers need to do what they can to prevent problems, like enable two-factor authentication, use a password manager, etc. but then they also need to take a proactive approach to protect themselves by signing up for identity theft protection services which include exposure alerts and help with remediation and insurance."

During 2018 breaches became "the new normal"

In addition, "Government was the largest growing exposed sector in 2018, increasing over 291 percent from 2018," said 4iQ co-founder and CTO Julio Casal. "This may be the result of mid-term elections and increasing geopolitical tensions. For the first time, we saw underground brokers actively including citizen data, such as voter databases, as part of their data portfolio."

2018 was also the year of Internet-connected data storage devices left exposed for everyone to access, which could translate into a more careful approach during 2019, with companies and organizations being more careful when securing their databases.

Data storage device exposure in 2018

4iQ also highlights the same big data breaches impacting large companies that led to millions of identity records being exposed per incident:

2018 saw companies like Google, Facebook, and Marriott make headlines as well. With new breaches being reported on an almost daily basis, “breach fatigue” has set in, with their occurrence becoming the “new normal.”

4iQ's 2019 Identity Breach Report uses data assembled from a far-reaching collection of both leaked and breached data obtained from open sources available on the surface, deep and dark web, as well as from black markets, social media, and underground forums and communities.

This data was collected with the help of automated crawlers and it was analyzed by the company's breach-hunting team using data curation and verification methodology and tools.