According to a new report from the Identity Theft Resource Center (ITRC) and CyberScout, 2016 saw an all-time high of 1,093 reported data breaches, a 40 percent increase over the previous year’s total of 780.
ITRC president and CEO Eva Velasquez said it’s not clear whether the increase is due to an actual surge in breaches or simply due to more states making the information available.
“For the 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available,” Velasquez said in a statement. “This year we have seen a number of states take this step by making data breach notifications public on their websites.”
The business sector saw the most data breach incidents (494) in 2016, followed by the healthcare industry (377 incidents), the education sector (98), the government/military (72), and the banking/credit/financial sector (52).
Hacking/skimming/phishing attacks accounted for 55.5 percent of breaches in 2016, an increase of 17.7 percent over 2015. Accidental exposures of information by email or online came in second at 9.2 percent, followed by employee error at 8.7 percent.
“For businesses of all sizes, data breaches hit close to home, thanks to a significant rise in CEO spear phishing and ransomware attacks,” CyberScout CEO Matt Cullina said in a statement. “With the click of a mouse by a naive employee, companies lose control over their customer, employee and business data.”
“In an age of an unprecedented threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution,” Cullina added.
Fifty-two percent of all reported breaches exposed Social Security numbers, and 13.1 percent exposed credit or debit card information.
“The database compromises of 2016 confirmed yet again that breaches are the third certainty in life and we are all living in a constant state of cyber insecurity,” CyberScout chairman and founder Adam Levin said in a statement. “Hackers and identity thieves continue to evolve. They are very sophisticated, extremely creative and dogged in their pursuit of what is ours.”
Separately, 10Fold recently published a list of the 10 largest breaches of 2016, including Yahoo, FriendFinder, Myspace, LinkedIn, VK Russia, Dailymotion, Tumblr, Dropbox, the Philippines Commission on Elections, and the Turkish citizenship database. The 10 breaches together exposed more than 2.8 billion personal records.
“If 2015 was the year of the healthcare data breach — breaches impacted nearly 40 million people — then 2016 was the year of the social media breach,” Angela Griffo, vice president of 10Fold’s cyber security practice, said in a statement. “Four of the top 10 breaches were social media related and impacted more than 640 million people.”
“But the biggest surprise of the year was Yahoo revealing that the information of more than 1.5 billion people had been stolen by attackers,” Griffo added. “Regardless of an attacker’s motive, any compromised information leaves users susceptible to identity theft and fraud.”