The ITRC’s Data Breach List has disclosed that so far in 2016 the number of compromised records has reached 6.2 million, adding to the more than 851 million records exposed over the last decade. That’s a pretty big number considering we’re not even halfway through the new year.

 

Additional information from the Data Breach List sheds even more light on the data compromised and the industries involved.

  • 32.7% of breaches have compromised Social Security numbers (SSNs).
  • 13% of breaches have exposed credit or debit card information.
  • The healthcare industry was responsible for 16.6% of the 245.2 million records that exposed individuals’ SSNs.
  • ITRC believes that the 575 healthcare breaches since 2010 have exposed more than 142 million SSNs.
  • From January to February of 2016, the IRS experienced a 400% surge in tax-related phishing and malware incidents.
  • 13.6% of the 122.8 million leaked records containing credit or debit card details are attributed to the business sector.

 

When we look at the ITRC’s Data Breach List data from 2005 to today, it paints an even clearer picture of how badly different industries have been affected by breaches over the past 11 years, and why it’s so important for every organization to get a move on information security.

 

For the business industry:

  • Security incidents have increased in retail, hospitality, transportation, and trade (to name a few).
  • 35.6% of U.S. breaches and a total of 399.4 million compromised records involve business entities.
  • Business/professional entities have experienced the most hacking-related incidents: a total of 809 so far, which have impacted 360.1 million records.

 

When it comes to healthcare:

  • Since 2005, more than 176.5 million medical and healthcare records have been exposed.
  • Since 2014, of the 176.5 million records, more than 1.5 million have been physically stolen.
  • Since 2007, more than 131 million records have been exposed due to hacking and 17.2 million have been exposed by data on the move.
  • Lastly, employee error/negligence and insider theft have resulted in a total of 371 healthcare-related breaches.

 

In the education sector we see that:

  • The education industry is ranked the lowest in breaches due to insider theft; it only accounts for 0.7%.
  • However, more than 2.4 million records from public or private educational facilities have been disclosed by accident via email or the Internet.

 

As for the government industry:

  • Compared to the healthcare sector, employee error/negligence accounted for a total of 61 breaches, but these breaches led to more records exposed (totaling 7 million).
  • Fewer than 389,000 credit or debit card numbers were compromised, but 57.4 million government and military members’ SSNs have been exposed.

 

The last of the industries that the List covers, financial services, showed that:

  • Financial, banking and credit sectors rank lowest so far in breaches exposing SSNs: 2.6%, to be exact.
  • The most data exposed, 13.5 million records, by a bank, credit union, mortgage company or investment firm resulted from data on the move.
  • And third-party breaches resulted in 13.4 million records being exposed.

 

From the information listed above, data that has been collected for almost a decade now, it is very clear that all industries (holding any type of sensitive data) have a lot of work to do when it comes to data security. It also shows that an organization can’t work only on network security or employee security training; rather, a holistic risk management approach is highly advisable if organizations are going to reduce overall security vulnerabilities.

 

If you’re unclear on the status of your information security posture, give us a call. A clear picture of what has been done or needs to be done reassures you that you are getting rid of vulnerabilities, and it provides a sense of security to your clients and business partners that will ensure they want to continue doing business with you.

 

Photo courtesy of alexskopje