In his 3/8/17 article, “Rising cost of data breaches to $2.1 trillion by 2019…” Luke Irwin of IT Governance ominously wrote: “[We] found an astounding figure of 3.1 billion records leaked in 2016, conservatively. We also discovered an infiltration of law firms’ email worth $4 million stolen [and] data breaches anticipated to be at 2.1 trillion by 2019, in less than 2 years from now.”
In the first half of 2018, an estimated 2.6 billion data records were hacked. This involved 2,308 breaches that resulted in public disclosure of 2.6 billion user documents. Though this was far less than Irwin predicted, it was nothing to celebrate and may not have captured the full extent of the Asian data breaches he included in his count. In other words, it may seem less than projected because we’re comparing apples to oranges. But no matter how you slice it, the number of data breaches is staggering.
Today, as of the very moment of this post, the Global Breach Level Index (a ticker-counter of the latest up-to-the-second breaches) reveals that 14,717,618,286 records have been lost or stolen since 2013. This too is a staggering number. And though most of these reported breaches presumably have been stopped, that’s still an incomprehensible volume of information exposed and never to be recaptured (my guess: if printed, it would fill all the stadiums in America).
This translates to 6,489,250 records being compromised every day, 270,385 every hour, 4,506 every minute, and 75 every second. The world is a literal battlefield of cyberattacks, and when you pause to think about it – well, that’s what it is, isn’t it? A global, intergalactic battlefield of cyberattacks, and law firms are manning the beachheads for thousands of businesses operating in multiple states and multi-nationally… where it is all happening by the second.
Lost in these harrowing statistics, however, is a simple fact: literally trillions of pages of data have been hacked and already exposed, including an unfathomable amount of privileged, proprietary, confidential and private information from emails, multiple-platform messaging, MS Docs, and PDFs. All of this information is still, theoretically and practically, out there, most of it never to be retrieved. This alone raises the prospect of (a) privilege waiver – on a massive scale, (b) breach of ABA obligations – on a massive scale, (c) legal exposure (for the company and the law firm) – on a massive scale, and (d) future malicious use – on a…
Here’s proof in the so-called pudding. As recently as 1/17/19, Alex Hern, writing for the UK Guardian Technology page, reported that the largest collection EVER of breached data had been discovered just last December. It was reportedly a windfall of 770 million email addresses and passwords that had been uploaded to a hacking website well known to, well, hackers, Tor browser freaks, and black market travellers. This amounted to about 87 gigabytes (87,000,000,000 bytes) of data presumably aggregated from multiple data breaches from thousands of sources (not just a single-fell-swoop hack).