4 Billion “Records” Leaked In 2016 – How Do You Define Record?

The IBM X-Force Treat Intelligence Index 2017 report leaves the impression hackers are cutting through security like a hot knife through butter:

With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security. Indeed, in 2016 more than 4 billion records were leaked, more than the combined total from the two previous years, redefining the meaning of the term “mega breach.” In one case, a single source leaked more than 1.5 billion records.1 (page 3)

The report helpfully defines terms at page 3 and in the glossary (page 29) but never defines “record.”

The 4 billion records “fact” will appear in security blogs, Twitter, business zines, mainstream media, all without asking: “What is a record?”

Here are some things that could be records:

  • account, username, password
  • medical record (1 or more pages)
  • financial record (1 or more pages)
  • CIA document (1 or more pages)
  • Tax records (1 or more pages)
  • Offshore bank data (spreadsheet, 1 or more pages
  • Presentations (PPT, 1 or more pages)
  • Accounting records (1 or more pages)
  • Emails (1 or more pages)
  • Photos, nude or otherwise

IBM’s “…4 billion records were leaked…,” is a marketing statement for IBM security services. Not a statement of fact.

Don’t make your readers dumber by repeating IBM marketing slogans without critical comments.

PS: I haven’t checked the other “facts” claimed in this document. The failure to define “record” was enough to discourage further reading.

Comments are closed.