Despite tougher obligations, “mismanaged” corporate security has left billions of identity records exposed

More than 3 billion identity records were found spread across visible and underground online sources during 2017, according to new research that lends further weight to suspicions that protection of personally identifiable information (PII) is proving tremendously ineffective in the face of thriving demand from online cybercriminals.

The records – which were located by security firm 4iQ during a search by automated crawlers across openly available web, social-media, underground, black-market and dark-web destinations – were plucked from more than 8.7 billion raw data records and represent a more than 64 percent increase compared with the same exercise in 2016.

Those records were sourced from 2940 breaches curated from the spoils of 3525 raw breaches – including 188,916 unsecured FTP servers containing 2.1 billion documents – and 56 percent of these breaches were classified as “accidental”.

Fully 72 percent of the discovered records contained emails and passwords, while 40 percent included PII attributes. Some 1.9 percent of the discovered breaches were found in Oceania, with Australia accounting for 70 percent of the data discovered in that region.

The volume of raw data records discovered by the team increased by 182 percent compared with the previous year, with the firm’s analysis warning that the surge was due to the growing size and number of breaches – as well as accidental lapses “that result in data being openly accessible to third parties.”