Things like government-issued identification numbers and whatnot are the most severe, so how many people have been affected by that since 2004? If we break it apart by category we start to see how these breaches have become:
E-mail addresses: 530,991,405
SSN/PII: 327,471,624
Credit card: 335,772,083
Authentication: 430,756,146
Bank records: 4,270,000
For the first line, it's just a list of e-mail addresses. The latter four are the most severe. Out of that list, what is the most useful? I'd wager the SSN/PII, authentication, and bank records; credit cards are only useful for so long really.
This means we're at over 750,000,000 records that may be usable. However, with the authentication portion, we're looking at that being even more useless as time goes on. Accounts from 2004 may not be usable in 2014 either.
So yes. We have had over 1.2 billion records leaked, but really how much of that is at all useful? None of these take duplicates into account however.
Useful to spammers? Half a billion emails is very useful.
Useful to hackers? Hundreds of millions of records.
Useful for fraud? Hundreds of millions of records.
Useful for data-mining and intelligence? All of them.
Many banks don't issue new debit/credit card numbers, they just change the expiration (the 3 digit code is rarely used from my personal experiences). It's easy to brute force the expiration.
SSN numbers and security questions can allow access to many accounts.
Figuring out password hashes (lots of methods) is sometimes easy, sometimes hard.
Bank account numbers rarely change, damage can be done with these.
How many people use their real information online? Most.
How many use secure passwords and change their passwords ever/enough? Few.
The LexisNexis breach alone is a disaster, they're basically data-miners with exclusive access to personal details.
Let's look at this useful spreadsheet:
https://docs.google.com/spreadsheet/ccc?key=0AmenB57kGPGKdHh...
And here are the numbers:
Hacked: 880,575,016
Inside job: 137,714,840
Accidental: 63,322,485
Lost/stolen: 206,237,702
Misc: 1,825,350
Things like government-issued identification numbers and whatnot are the most severe, so how many people have been affected by that since 2004? If we break it apart by category we start to see how these breaches have become:
E-mail addresses: 530,991,405
SSN/PII: 327,471,624
Credit card: 335,772,083
Authentication: 430,756,146
Bank records: 4,270,000
For the first line, it's just a list of e-mail addresses. The latter four are the most severe. Out of that list, what is the most useful? I'd wager the SSN/PII, authentication, and bank records; credit cards are only useful for so long really.
This means we're at over 750,000,000 records that may be usable. However, with the authentication portion, we're looking at that being even more useless as time goes on. Accounts from 2004 may not be usable in 2014 either.
So yes. We have had over 1.2 billion records leaked, but really how much of that is at all useful? None of these take duplicates into account however.