A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Getting hold of such data is a gift to cybercriminals. But how widespread is leaked personal data?
Among the most leaked data points in the U.S., salary, eye colour, height, and other unexpected personal data rank relatively high. This has become apparent from Surfshark’s global data breach monitoring tool.
Current data indicates the U.S. has had a total of 17.5 billion personal records exposed since 2004. On average, each email address is leaked with 4 additional data points.
Furthermore, some 2.3 billion passwords were leaked together with U.S. accounts, putting more than half of the breached users in danger of account takeover that might lead to identity theft, extortion, or other cybercrimes.
The top 15 breached data points in the U.S. have been identified as:
• Password: 2.3 billion
• First name: 1.4 billion
• City: 1.4 billion
• Last name: 1.3 billion
• Zip (postal) code: 1.2 billion
• Address: 1.2 billion
• State of residence: 1 billion
• Username: 856.7 million
• Gender: 787.7 million
• Country: 781.5 million
• Phone: 780.9 million
• IP address: 627.1 million
• Password hash: 611.4 million
• Name: 604.9 million
• Date of birth: 388.9 million
The above is taken from an assessment of 4 billion compromised Internet accounts. Of these, 896 million were identified as possessing unique email addresses, which means the average user email has been breached more than four times since 2004. As a result, some data points may be duplicated.
“Information typically gets leaked by users willingly providing personal details to legitimate websites which then get stolen by malicious actors. If your data is breached, it’s important to act quickly by changing your passwords and being alert for phishing attacks,” Sarunas Sereika, Senior Product Manager at Surfshark, tells Digital Journal.
Sereika continues: “To identify phishing attempts, always ask if the message was expected. Look for red flags like poor grammar, unusual content, or a suspicious sender’s email. If you’re unsure, avoid clicking on links. Remember, if it seems too good to be true, it probably is. Verify any suspicious communications through other channels before responding.”