2018 Data Breach Recap: Exposed PII Records Up 126 Percent

Posted by Anna Kragie on Feb 7, 2019 7:30:00 AM

As 2019 enters its second month, financial institutions are ready to move on from 2018, and are rapidly focusing on how to prepare and protect their customers from the next big wave of credit card fraud. As the trends show, it's going to get better before it gets worse. This has been the storyline that continues to play out year after year. 

But to fully prepare for the year ahead, it's worth taking a quick recap of how 2018's figures stacked up, including data on what fraudsters are targeting most. After all, last year's figures give valuable hints into what 2019's biggest data breach headaches will likely be. The latest data from the Identity Theft Resource Center (ITRC) breaks down which sectors were hit the hardest, along with details about the biggest threats to emerge in 2018.

The biggest takeaway from ITRC's 2018 data breach report is the fact that data breaches were actually down. This bright spot in the report, however, was balanced out by the reality that all organizations must grapple with: The number of personal records exposed more than doubled in 2018. Exposed PII records rose 126%. To be more specific, this was a sharp increase from 197,612,748 records exposed to 446,515,334 records exposed

“The increased exposure of sensitive consumer data is serious,” Eva Velasquez, CEO of the ITRC, said in a statement. “Never has there been more information out there putting consumers in harm’s way.”What this suggests is that hackers are getting more targeted in their approaches, and have found new ways to access data on a much larger scale. The impact from an increased number of PII in the hacker ecosystem opens up consumers to more threats such as increased identity theft, credit card fraud and an even greater chance of synthetic fraud. 

Here's how the ITRC's report broke down the data breaches in 2018, including the number of records exposed:

A majority of breaches were the result of outside hacking, which was also the case in 2017. One noteworthy difference in the 2018 report was the rate at which hacking incidents increased, which shows why there was an massive jump in the number of records exposed.

As the report notes: "The variety of industries and types of businesses impacted by breaches in 2018 opened the eyes of many consumers to the fact that breaches have become 'the new normal.' It’s not so much a matter of 'if' a breach will happen, but 'when' a breach will happen."

When breaking down what type of data was exposed, here is a breakdown of how many times specific PII was involved in a data breach:

 To read ITRC's full report, click here.