According to a report released by the Identity Theft Resource Center and CyberScout, data breaches are running 29% above last year. Hacking was the leading cause of data breaches nationwide, more than 790 so far this year.
Although two-thirds of data breach notifications or public notices did not report the number of records compromised, more than 12 million records have been exposed.
“Only 33 percent of data breaches reported this year have made the number of records exposed publicly available,” said Karen A. Barney, director of research and publications at Identity Theft Resource Center, an increase of 13 percent over 2016 mid-year numbers.
The resource center tracks breaches in the categories of financial, health care and medical, government and military, education and business.
More than half of all beaches this year have occurred in business, followed by health care and medical. Breaches in the medical and health-care industry are most likely to include the number of records involved. More than 80 percent of breaches in 2017 that were reported to Health & Human Services included the number of records.
According to the resource center, a data breach occurs when a name is released in connection with a Social Security number, driver’s license number, medical or financial record. The exposure is tracked when it occurs because of a phishing or hacking attack, theft, negligence or error.
“Exposure of the Social Security number is the primary trigger across the board for a state data breach notification,” Barney said.
Exposure that includes a user name or email address in combination with a password or security information that would allow access to an online account may also trigger a notification in California, the first state to enact a data security breach notification law.
This year, personal information has been compromised by the unauthorized acquisition of data at universities, businesses, banks, medical and government institutions:
- Sharp Healthcare in San Diego reported that more than 750 outpatient records may have been exposed in February.
- Internal Revenue Service Commissioner John Koskinen reported that personal information for up to 100,000 taxpayers may have been compromised in April when an online tool used to apply for federal student aid was breached.
- Almost 5 million job seekers in ten states may have had information that includes names, dates of birth and Social Security numbers accessed when America’s JobLink Alliance, a web-based system that links job seekers with employers, was hacked in March.
- Customers who enjoyed a roast beef sandwich at Arby’s earlier this year may be at risk after malware was found on cash registers at some of the chain’s fast-food restaurants, and data from more than 355,000 credit and debit cards may have been stolen.
Major breaches involving the exposure of names and other information have also occurred this year:
- Last week Verizon confirmed that the names, addresses, phone numbers and some security pins of 6 million customers stored on a cloud server, were exposed online by a vendor, but no loss or theft of customer information occurred.
- Deep Root Analytics, a data firm contracted by the Republican National Committee, leaked detailed personal information on almost 200 million U.S. voters last month, when a database was left exposed on the web for nearly two weeks. Those files included voting history, political leanings and information from Reddit, but do not appear to include Social Security or credit card information.
- Records may also have been compromised in data breaches of AT&T, Toys “R” Us, Coachella Music Festival, U.S.Cellular, Saks Fifth Avenue, Sallie Mae, MrExcel.com, Allrecipes.com. and others according to the list from ITRC.
Since 2005, there have been almost 7,700 data breaches which have exposed more than 900 million records in the U.S. according to the resource center.