One billion personal records exposed in 2014, warns IBM
Researchers bemoan poor passwords and operating system vulnerabilities

More than one billion personal records were leaked online in 2014, according to IBM's security research team.
The total is 25 per cent higher than the 800 million personally identifiable information (PII) records leaked in 2013, the X-Force team revealed yesterday.
The experts called 2014 a "white knuckle rollercoaster ride" in which data breaches, malware and mobile app vulnerabilities all contributed to the huge volume of data exposed.
However, three overarching themes emerged: weak passwords, critical vulnerabilities in operating systems, and sensitive photos stored on cloud services.
The Threat Intelligence Quarterly report read: "When we look back in history to review and understand the past year, you can be assured it will be remembered as a year of significant change.
"Breaches and security incidents were being announced so rapidly in 2014 that many struggled to keep up.
"By the end of the year, we began to see that this digital storm of attacks would not cease, but instead would likely become larger, grow more encompassing, and raise increasingly important personal privacy concerns, as evidenced by the breach at Sony."
The majority of data was stolen from US companies such as Sony, which suffered embarrassing email leaks alongside unreleased films and staff data.
Retailer Target was found guilty of ignoring an early-warning system when 70 million customer records were stolen at the turn of the year.
Photos of naked celebrities were leaked after hackers broke into Apple's iCloud service.
IBM referred to vulnerabilities including Shellshock, and this year's newly discovered FREAK, adding that good old-fashioned malware continued to play its part, with cyber criminals using it to hit banking firms and other industries.
It also found that ransomware became more popular in 2014, with hackers either threatening sites with DDoS attacks or encrypting a user's data until a fee is paid.
The team concluded: "A review of the breaches in 2014 shows a mix of attackers targeting low-hanging fruit ... as well as using sophisticated, custom exploits to reach high-profile targets with surgical precision."