Over 500 million digital identities exposed or stolen in 2015, Symantec says

According to a report by the security firm Symantec, over 500 million digital identities were exposed or stolen last year.

The firm said that the number of crypto-based ransomware attacks increased by 35%, while fake technical support scams surged 200%.

The annual threat report revealed that cybercriminals have become better at creating unknown software bugs to ensure their attacks work properly, with groups of hackers becoming more professional and working in ways that resemble that of actual software companies.

Kevin Haley, director of Symantec security said in a statement: “They have extensive resources and highly skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,”

According to Symantec, the largest number of breaches took place within the Health Services sub-sector, which comprised 39 of all breaches in the year.


An extremely profitable type of attack, ransomware, increased 35% last year.

Ransomware restricts access to the infected computer system in some way, requesting that the user pay a ransom to the malware operators to remove the restriction.

Symantec said that this form of attack “will continue to ensnare PC users and expand to any network-connected device that can be held hostage for a profit.”

“In 2015, ransomware found new targets in smart phones, Mac, and Linux systems. Symantec even demonstrated proof-of-concept attacks against smart watches and televisions in 2015.”

Sharp increase in the number of large businesses targeted

There was also a surge in the number of big companies suffering large-scale attacks last year. There were nine data breaches in 2015 that exposed more than 10 million records, up from four breaches of the same severity in 2014.

Symantec noted that the number of identities stolen online could be higher, as many companies are choosing not to reveal the full extent of their data breaches.

The report said:

“At the close of 2015, the world experienced the largest data breach ever publicly reported. An astounding 191 million records were exposed. It may have been the largest megabreach, but it wasn’t alone. In 2015, a record-setting total of nine mega-breaches were reported,” Mr. Hayley said.

“The total reported number of exposed identities jumped 23 percent to 429 million. But this number hides a bigger story. In 2015, more and more companies chose not to reveal the full extent of the breaches they experienced. Companies choosing not to report the number of records lost increased by 85 percent. A conservative estimate by Symantec of those unreported breaches pushes the real number of records lost to more than half a billion.

“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend. Transparency is critical to security. While numerous data sharing initiatives are underway in the security industry, helping all of us improve our security products and postures, some of this data is getting harder to collect.”