With more than five million breaches, almost all of us are at risk
Venkat Raman
Auckland, August 3, 2024
More than five million accounts were breached in New Zealand during the second quarter of this year, which is almost the entire population of the country.
In its latest report, Surfshark, a Netherlands-based Cybersecurity company said that the total number of breaches during the second quarter (June 30) this year was 5,101, 2023, accounting for an increase of 36% over the first quarter (March 31). This translates to 97,970 breaches for 100,000 people, placing almost every online user at risk.
About 416,000 online user accounts have been leaked thus far in 2024 in New Zealand.
Surfshark Researcher Kasparas Jucaitis said that over the past 20 years, New Zealand has had 57.5 million personal records exposed.
Leaks, thefts and other hazards
“Out of 206 million compromised internet accounts, 5.6 million have unique email addresses. On average, each email address is leaked with 2.8 additional data points. Statistically, an average resident of New Zealand has been affected by data breaches about four times,” he said.
According to the report, about 14.1 million passwords were leaked along with New Zealand accounts, placing more than half of the breached users in danger of account takeover that might lead to identity theft, extortion and other cybercrimes.
Mr Jucaitis said that a data breach occurs when confidential and sensitive data gets exposed to unauthorised third parties.
“In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more,” he said.
Data breaches in other parts of the world are even more concerning, with the US leading the pack, with more than 117 million breaches during the second quarter of this year.
Mr Jucaitis said that the incidence of breaches almost halved during the second quarter but that is no reason for celebration.
Down but still not out
“Breaches in the second quarter were still significantly higher than in the same quarter of 2023. Analysing 20 years of breached account data reveals the vast amount of personal information available online, including, but not limited to, emails, passwords, credit card details, zip codes, dates of birth, and phone numbers, totalling over 65 billion personal records. People should be proactive and regularly check if their data has been leaked online by using resources such as breach notification services, as companies can often delay notifying users about breaches,” he said.
According to the Surfshark report, globally, more than 208 million accounts were leaked during the second quarter of this year, about 53% less compared to the first quarter (about 442 million).
“For a sense of scale, the second quarter saw 1605 accounts breached every minute, compared to 3410 in the previous quarter. While the drop is notable, the breaches in the second quarter of 2024 were 42% higher compared to the same period in 2023. Breach statistics in the US, France and the UK in the second quarter of 2024 show notable increases, indicating a worrying trend for the people living there. However, the number of breached accounts in Russia and China dropped significantly, contributing greatly to the overall quarter-over-quarter breach statistic decrease,” the report said.
Europe ‘loses leadership’
Mr Jucaitis said that North America became the leader, recording the highest number of breached accounts, at 123 million.
“While this is a slight increase from the first quarter figure of 108 million, North American accounts still make up just under 60% of those affected globally. Being the region to have seen increases, North America moved up from the second position in the first quarter to be the leader in the second quarter. The most breached country was the US, responsible for the vast majority (95%) of breached North American accounts,” he said.
Europe experienced the second-highest number of breaches in the second quarter with 50 million, recording a decrease of 42% from 86 million in the previous quarter.
“Despite the drop, European accounts are still at 19% of all those breached,” Mr Jucaitis said.
Huge drop in Asia
Asia witnessed a massive drop of 87% in breaches, down to 15 million in the June 2024 quarter, from 117 million. The region ranks third at 7% of all accounts breached.
The Surfshark report mentioned the ten most breached countries during the second quarter of 2024 in descending order – the USA (116.8 million), Russia (25.1 million), France (7 million), the United Kingdom (5.7 million), China (4.9 million), Canada (4.4 million), Germany (2.9 million), India (2.8 million), Spain (2.5 million), and Australia (1.4 million).
The countries with the highest breach density (number of leaked accounts per 1000 residents) were the USA (344), Russia (174), El Salvador (142), Canada (113), France (108), the UK (85), Hong Kong (82), Czechia (67), Australia (54) and Spain (53).
About Data Breach
The Surfshark report said that data breach occurs when confidential and sensitive data gets exposed to unauthorised third parties.
“In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more. The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, our partners’ mechanism looked into several associated parameters, such as domain names, IP addresses, locales, coordinates, currency, or phone numbers. This data was then anonymised and passed on to our researchers for statistical analysis,” it said.
