At least one billion records of personally identifiable information (PII) were leaked in 2014, according to IBM X-Force.
The total number of records compromised in 2014 was more than 25 per cent higher than in 2013, when 800 million records were leaked. Three in four (74.5 per cent) of these incidents took place in the United States.
The quarterly report, published on Monday, also logged more than 9,200 new security vulnerabilities affecting more than 2,600 unique vendors in 2014 – a 9.8 per cent increase over 2013 and the highest single yearly total in the 18 years of the report's history.
IBM's security researchers attributed the growth primarily to "security apathy amongst developers, who have been slow to patch applications, despite warnings and increasing awareness of vulnerabilities". For example, 10 of the 17 banking applications (59 per cent) using Apache Cordova initially tracked in October 2014 were still vulnerable in January of this year.
Overall 2014 saw a surge in the disclosure of "designer vulns" (Heartbleed, Shellshock etc.) and security incidents targeting more than financial gains, IBM X-Force concludes.