For those that think security is not anything to worry about think again as U.S. data breaches last year hit an all-time high of 1,093, a new report found.
This represents a hike of 40 percent over the 780 incidents reported in 2015, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout.
“For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available. This year we have seen a number of states take this step by making data breach notifications public on their websites. The ITRC Data Breach Report 2016 now includes information from more than a dozen state agencies,” said Eva Velasquez, president and chief executive of ITRC.
Since 2005, the ITRC has been identifying data breaches in five industry sectors. In 2016, the business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2 percent of the overall number of breaches. This was followed by the healthcare/medical industry (377 incidents), representing 34.5 percent of the overall total. The education sector (98) followed at 9 percent, the government/military (72) at 6.6 percent and the banking/credit /financial sector (52) at 4.8 percent.
In 2007, the ITRC began adding categories to identify data breach incidents by the “type of occurrence.” For the eighth consecutive year, hacking/skimming/phishing attacks were the leading cause of data breach incidents, accounting for 55.5 percent of the overall number of breaches, which is an increase of 17.7 percent over 2015 figures. Of these, many were a result of chief executive spear phishing efforts (also known as business email compromise schemes) in which highly sensitive data, typically information required for state and federal tax filings, ended up exposed. As early as February, the IRS had already seen a 400 percent surge in this type of activity prompting both consumer and industry alerts addressing this issue.
Breaches involving accidental email/Internet exposure of information was the second most common type of breach incident at 9.2 percent of the overall number of breaches followed by employee error at 8.7 percent. With the exception of hacking, all other categories reflected decreases from 2015 figures.
Since 2010, the ITRC has been tracking breaches involving Social Security numbers (SSNs) and credit card/debit card numbers. Exposure of SSNs was in 52 percent of the overall number of breaches in 2016, representing an increase of 8.2 percent over 2015 figures.
Exposure of records involving credit/debit cards at 13.1 percent, reflects a decrease of 7.4 percent from 2015. With that said, it is important to remember most data breach notifications or media reports do not include the type of information exposed.