U.S. data breaches hit an all-time high of 1,091 in 2016 compared to 780 the year before, according to a study released yesterday by the Identity Theft Resource Center (ITRc0) and CyberScout.
The ITRC initially said there were 1,093 breaches in 2016, but that was corrected following the discovery of two duplicate breaches.
Hacking/skimming/phishing attacks accounted for 55.5% of the incidents -- a 17.7% increase over 2015. Many were CEO spear-phishing attacks or business email compromise schemes, which sought data needed for tax filings.
Second were accidental email/internet breaches, accounting for 9.2% of the total. These were followed by employee error (8.7%). Most breach types experienced a decline.
The business sector reported 494 breaches, followed by the healthcare industry (377), the education sector (98), the government/military (72) and the banking/credit financial industry (52).
It was not clear at deadline whether any of these figures had to be adjusted to account for the duplicate breaches. Nor was it evident whether the figures were skewed by new input from over a dozen state agencies.
The ITRC enhanced its reporting through “direct contact with numerous states’ attorney general offices as well as by submitting Freedom of Information Act requests,” states Eva Velasquez, president and CEO, ITRC.
The ITRC has known for ten years of “the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available,” Velasquez explains.
Several states have begun to post this data on their websites, she adds.
Social Security numbers were exposed in 52% of the cases in 2016, an 8.2% increase over 2015. That was due largely to the high number of spear-phishing attacks, in which such information is commonly sought.
In 2015 alone, four breaches exposed over 120 million Social Security numbers to “state-sponsored hackers and cyber criminals,” states Adam Levin, chairman and founder of CyberScout. This represents “the point of no return for millions of Americans,” Levin adds.
Meanwhile, credit/debit card records figured in 13.1% of the episodes, a 7.4% decline from 2015.