The first half of 2018 saw 2,308 publicly disclosed data breaches that resulted in the exposure of approximately 2.6 billion user records, a report from cyberthreat intelligence company Risk Based Security has shown.

This represents a drop from 2,439 breaches and 6 billion data records exposed that were reported for the first half of 2017, according to the firm’s “Mid-Year 2018 Data Breach QuickView” report.

“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of public disclosed breaches appears to be leveling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, Executive Vice President for Risk Based Security.

Now, while it is true that the number of records exposed fell, Goddijn doesn’t think that this isn’t exactly grounds for optimism. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year,” she said.

Meanwhile, a closer look also shows that five breaches exposed 100 million or more records each. Collectively, they accounted for approximately 2 billion of the total exposed records.

The reported breach of 1.19 billion records from India’s biometric database, Aadhaar, earlier this year, made it to the top as the worst case of a data-compromise event in the first half of this year.

In terms of sectors, the business sector came off worst with 40% of the reported breaches, followed by health care (8.3%), government (8.2%), and education (4.5%). A rather large proportion (almost 40%) of the organizations were not classified, however.

As for breach types, fraud compromised the highest share of records (47.5%), whereas hacking (54.6%) was responsible for the most incidents. What complements the picture is the record-high number of vulnerabilities reported in 2017, together with the absence of installed patches, which makes many systems ripe for exploitation. On the other hand, phishing for credentials and then using them to invade systems or services continues to be a popular attack method.