2019 saw more data breaches, fewer sensitive records exposed

According to a new Identity Theft Resource Center report, the number of U.S. data breaches tracked in 2019 (1,473) increased 17 percent from the total number of breaches reported in 2018 (1,257). However, 2019 saw 164,683,455 sensitive records exposed, a 65 percent decrease from 2018 (471,225,862). The 2018 Marriott data breach exposed 383 million records alone, significantly skewing the data.

more breaches fewer records exposed

“The increase in the number of data breaches during 2019, while not surprising, is a serious issue,” said Eva Velasquez, president and CEO of the ITRC. “It would appear that 2018 was an anomaly in how many data breaches were reported and the number of records exposed. The 2019 reporting year sees a return to the pattern of the ever-increasing number of breaches and volume of records exposed.”

Another critical finding was that “hacking” was responsible for the highest percentage of data breaches (39 percent) and the highest number of non-sensitive records exposed (81 percent).

“Unauthorized access” was the second most common breach method identified with nearly the same percentage as hacking at 36.5 percent. Unauthorized access continued to be a catch-all category with little transparency on the actual method of intrusion throughout 2019.

For the second straight year, the business sector had the most data breaches (644), while the medical/healthcare sector had the second most (525). The government/military sector had the fewest amount of breaches in 2019 at 83.

more breaches fewer records exposed

“The overall increase in breaches is certainly concerning. However, the extraordinary drop in the number of records exposed and the incredible feat of cutting the sensitive PII exposed by two thirds, indicates that we may be moving in a good direction with regards to the extent of the damage associated with breaches. Businesses and consumers need to continue to be vigilant in protecting data and systems, ensuring they have current protections in place, because even non-sensitive data exposure can lead to more serious issues,” said Matt Cullina, Board Chair of the ITRC.

Don't miss