Written By ESR News Blog Editor Thomas Ahearn
Statistics released by the Identity Theft Resource Center (ITRC) and CyberScout reveal the number of data breaches in the U.S. tracked through June 30, 2017 hit a half-year record high of 791, according to an ITRC press release. At this pace, ITRC anticipates the number of data breaches could reach 1,500 in 2017, a 37 percent increase over 2016, when data breaches reached an all-time record high of 1,093.
Since 2005, the ITRC – a nationally recognized non-profit organization established to support victims of identity theft and to broaden public education and awareness in the understanding of identity theft – has identified data breaches in five industry sectors: financial/banking/credit, healthcare/medical, government/military, education, and business. So far in 2017, data breaches for each sector are:
- Business sector – 54.7 percent of the total data breaches.
- Healthcare/medical sector – 22.6 percent of the total data breaches.
- Education sector – 11 percent of the total data breaches.
- Banking/credit/financial sector – 5.8 percent of the total data breaches.
- Government/military – 5.6 percent of the total data breaches.
Hacking – which includes phishing and ransomware/malware – was the leading cause of data breaches in the first half of 2017. Statistics show that 63 percent of the overall data breaches involved hacking as the primary method of attack, an increase of 5 percent over 2016 figures. Phishing was involved in 47.7 percent of hacking attacks while ransomware/malware was present in 18.5 percent of hacking attacks.
Statistics also show that 67 percent of data breach notifications or public notices did not report on the number of records impacted, an all-time record high that represents an increase of 13 percent over the first half of 2016 and a major hike over the 10-year average of 43 percent. To assess the impact of data breaches on consumers, industry observers require accurate information about the number of records.
“We have made progress in transparency regarding data breach notifications but this only goes so far when we do not have complete information. The number of records breached in a specific incident allows us to provide more insight into the scope of this problem, and is a necessary next step in our advocacy efforts,” ITRC President and CEO Eva Velasquez stated in the press release.
“Cyber attacks that target businesses are continuing to rise, as hackers aim to steal the most sensitive personal data and demand payoffs in crippling ransomware attacks. All these trends point to the need for businesses to take steps to manage their risk, prepare for common data breach scenarios, and get cyber insurance protection,” said Matt Cullina, CEO of CyberScout, the report’s sponsor.
The ITRC defines data breaches as incidents “in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format.” For more information about data breaches, visit www.idtheftcenter.org/Data-Breaches/data-breaches.
Data breaches can be costly to a company’s reputation and bottom line. As reported by ESR News in May 2017, California Attorney General Xavier Becerra announced a record $18.5 million multi-state settlement with discount store retailer Target, Inc. in response to allegations that more than 40 million customers had payment card information compromised from a data breach during the 2013 holiday season.
ESR Protects Consumer Information Against Data Breaches
Employment Screening Resources® (ESR) – a global background check firm that is a strategic choice for businesses needing accuracy and compliance in their screening programs – has successfully completed a SOC 2® Type 2 data security audit for 2017 to ensure that ESR protects the privacy, security, and confidentiality of consumer background check information. To learn more, visit www.esrcheck.com.
NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.
© 2017 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.