6,013 breaches reported in the US since 2005

In 2005, the Identity Theft Resource Center (ITRC) began monitoring and tallying the ever-growing number of US security breaches. Since then, the organization has seen a 397 percent increase in data exposure incidents across financial services, business, education, government and healthcare sectors.

This week, the ITRC’s Data Breach List hit a milestone of 6,013 reported data breach incidents. So far in 2016, nearly 6.2 million records have been compromised – adding to the more than 851 million records exposed over the last decade.

Although no two breaches are exactly alike, a common thread is the exposure of personal identifying information (PII), with 32.7 percent of breaches compromising Social Security numbers (SSNs) and nearly 13 percent exposing credit or debit card information.

The healthcare sector was single-handedly responsible for 16.6 percent of the 245.2 million records exposing individuals’ SSNs – offering low-hanging fruit to identity thieves, particularly during tax season.

The IRS experienced a 400 percent surge in tax-related phishing and malware incidents during January and February of this year. SSNs are the golden ticket – the most critical piece of information – for fraudsters to effectively impersonate another individual.

“Tax refund fraud continues to rise creating almost unbearable issues for victims nationwide,” said Eva Velasquez, CEO of ITRC. “It is our belief that the 575 healthcare breaches since 2010 – that have exposed more than 142 million social security numbers – are contributing to this increase”.

The business sector, on the other hand, has accounted for 13.6 percent of 122.8 million records leaked with credit or debit card details, following high-profile hacks of major retailers like Target and Home Depot.

Additional data points across all five sectors, from 2005 to present, include:

Business

• Security incidents have increased dramatically across retail, hospitality, transportation, trade and other professional entities, accounting for 35.6 percent of U.S. breaches and a total of 399.4 million records compromised.
• This sector has experienced the most hacking-related incidents (809 total), impacting 360.1 million records.

Healthcare

• Of the more than 176.5 million medical and healthcare records exposed since 2005, slightly more than 1.5 million have been physically stolen since 2014. More than 131 million records have been exposed due to hacking since 2007 and 17.2 million have been exposed by Data on the Move.
• Employee error/negligence and insider theft resulted in a total of 371 healthcare-related breaches.

Education

• More than 2.4 million records from public or private educational facilities have been disclosed accidentally via e-mail or the Internet.
• The education sector ranked lowest (0.7 percent) in breaches due to insider theft.

Government

• 57.4 million government and military members’ SSNs have been exposed, whereas less than 389,000 credit or debit card numbers were compromised in this sector.
• Compared to the healthcare sector, government employee error and/or negligence initiated a total of 61 breaches, but led to more records exposed (7 million total).

Financial services

• Financial, banking and credit sectors ranked lowest (2.6 percent) in breaches exposing SSNs.
• The most data exposed (13.5 million records) by a bank, credit union, mortgage company or investment firm resulted from data on the move, just slightly higher than third-party breaches with 13.4 million records.