The retail industry last year accounted for 205 million exposures of consumers’ identity data, up 30% from 2013, according to a new report from Symantec Corp, a security technology firm.

Its latest Internet Security Threat Report, issued annually, is based on the threat activity monitored by the Symantec network in 157 countries. The report also finds 312 total web data breaches in 2014, up 23.3% from 253 in 2013. The top five industries from which those breaches stemmed are health care, 37%; retail, 11%;  education, 10%; government, 8%; and financial, 6%.

When it comes to exposed identities in 2014, the top five sectors for criminals are: retail, accounting for 59%; financial, 23%; computer software, 10%; healthcare, 2%; and government, 2%.

The Symantec report also measures the chances that emails carry malware—that is, malicious code that can expose data on a computer to criminals. Last year, 1 in 244 emails carried malware compared with 1 in 196 in 2013.

So what are criminals paying for stolen data and other nefarious goods on the black market? According to the Internet Security Threat Report:

• 50 cents to $1 for 1,000 stolen email addresses.

• $70 to $150 for “1 million verified email spam mail-outs.”

• 50 cents to $20 for what the report calls “credit card details.”

• $12 to $3,500 for custom malware.

• $2 to $12 for 1,000 social network followers.

• $7 to $8 for stolen web-hosted, or cloud, accounts.

The report also veers into mobile commerce, finding 46 distinct groups, or “families” of Android mobile malware in 2014, down 19.3% from 57 in 2013. “The falling number of families doesn’t indicate the problem is going away but just that the rate of innovation is slowing down,” the report says. 

Favorite