At least 1 billion records of personally identifiable information (PII) were leaked in 2014, according to the latest edition of IBM’s X-Force Threat Intelligence Quarterly.
The 2015 report, which highlights findings from the last quarter of 2014, catalogued more than 9,200 new security vulnerabilities affecting over 2,600 unique vendors.
This represents a 9.8% increase over 2013 and is the highest single year total in the 18-year history of X-Force reporting.
The report also found that the total number of records breached in 2014 was nearly 20% higher than in 2013, when 800 million records were leaked.
The most common attack type category, at around 40% of incidents, was undisclosed, with malware and DDoS tying for second at 17.2% each.
The US-CERT (Computer Emergency Readiness Team) disclosure of a class of vulnerabilities affecting thousands of Android applications that improperly validate SSL certificates accounted for nearly 15% of the total for the year, inching the final count to a new historical peak.
Researchers attribute this growth in large part to increasing security apathy among developers, who have been slow to patch applications despite warnings and increasing awareness of vulnerabilities.
Further, 10 of the 17 (59%) banking applications using Apache Cordova initially tracked in October 2014 were still vulnerable in January this year.
The report also shows the rise of ‘designer’ vulnerabilities, ones that are increasingly lethal, highly recognizable and tagged with catchy names and logos (like Heartbleed and Shellshock) that would forever identify the disclosure.
These vulnerabilities revealed easily exploitable cracks in the foundational systems and underlying libraries that support nearly every common web platform and content management system.