Data Breach Mid-Year Report: 2017 on a Record Pace

Based on the number of data breach reports in the news, it should be no surprise breaches in the U.S is on the rise. What is noteworthy, however, is the rate of which these breaches are occurring.

New data from the Identity Theft Resource Center (ITRC) and CyberScout indicates as of June 30, 2017, the U.S. has seen a record high of 791 breaches — a 29 percent increase from 2016’s same timeframe. Based on this pace, the ITRC projects breaches to hit 1,500 this year alone. Overall, that’s a 37 percent annual increase from 2016’s figure of 1,093 breaches (another all-time high).

"Because breaches have become ubiquitous, it is incumbent upon organizations that suffer a compromise to be candid and provide as much information as possible, so that consumers will have the best opportunity to mitigate their personal consequences,” said Adam Levin, Chairman of CyberScout.

One problem in the data breach world is that, despite knowing how many breaches have been occurred, it’s difficult to understand the full scope of those incidents. Because many companies aren’t transparent in reporting the number of records impacted by a specific data breaches, it’s hard to tell the amount of personal credentials actually leaked per breach.

“While many businesses don't necessarily have a handle on the depth and breadth of a breach, they could well be judged by customers, employees, regulators and the courts on how well they protected the information they stored as well as the urgency, transparency and empathy with which they responded once they were aware they had been hacked,” Levin said.

Regulations in the data breach world still allow companies to be less than transparent in sharing the exact amount of records impacted by a hack, but times are changing.

"We have made progress in transparency regarding data breach notifications but this only goes so far when we do not have complete information.  The number of records breached in a specific incident allows us to provide more insight into the scope of this problem, and is a necessary next step in our advocacy efforts," said Eva Velasquez, ITRC President and CEO.

In the banking/credit/financial services category, new data from the ITRC shows there have been 47 breaches in 2017 so far, with a reported 526,000 records compromised. Overall, that’s 5.6 percent of the breaches as of July 18.

Here’s more key points from the report:

• 67 percent of data breach notifications did not supply the number of records affected — making it more difficult to understand the full scope of many major data breaches.
• That figure is a 13 percent increase from the same time period last year, and a significant increase of the 10-year average of 43 percent.
• 81.5 percent of breaches in the health and human services sector included the number of impacted records (Per mandatory reporting rules for healthcare breaches. Note: Regulations don’t require employee information to be reported).
• The business sector tops the list for breaches, accounting for 54.7 percent.
• Hacking (phishing, ransomware/malware and skimming) is the leading cause of data breaches, with 63 percent of 2017’s breaches involving hacking as the primary method (a 5 percent increase from 2016’s figures)
• 60 percent of breaches involved the exposure of social security numbers — the most effective route to identity theft.
• The exposure of credit/debit cards rose to 12.6 percent and 9.6 percent, respectively — a result of numerous high-profile data breaches across the hospitality and fast food sectors.

“Cyber attacks that target businesses are continuing to rise, as hackers aim to steal the most sensitive personal data and demand payoffs in crippling ransomware attacks. All these trends point to the need for businesses to take steps to manage their risk, prepare for common data breach scenarios, and get cyber insurance protection,” said Matt Cullina, CEO of CyberScout.