The last few weeks are filled with reports on recent data breaches and how politicians and industry leaders in Washington want to change how data security regulation must be implemented. But how bad is the problem, really?
The Identity Theft Resource Center® has been compiling an annual list detailing each reported data breach since 2005 covering 5 industry sectors: Banking/Credit/Financial, Business, Educational, Government/Military and Medical/Healthcare. Recently, the ITRC posted their 2013 Data Breach Report, which recorded 619 data breaches in the past year, leading to over 57 million personal records being exposed. According to the ITRC, the total number of breaches reported increased by over 30%, year over year. For 2013, there were two industry sectors that recorded the highest percentage of breaches reported and records exposed, the Healthcare and Business industries.
In 2013, the Healthcare sector accounted for nearly half of 2013’s reported data breaches adding up to 267 breaches. But the Healthcare sector represented only a small segment of the total number of records exposed, with roughly 4.6 million exposed records reported. Due to regulations enacted 4 years ago by the Department of Health and Human Services, any breach that affects 500 or more individuals in the healthcare sector must be reported. Because of this, we can see how effective these regulations are when it comes to informing consumers and keeping them aware of breach notifications.
The business sector on the other hand accounted for 210 out of 619 reported breaches in 2013, but the ITRC reports that over 47 million records were exposed in the business sector alone, claiming 81% of all records exposed in 2013, which tripled last year’s volume. What this tells us is that while the healthcare sector may be responsible for a large portion of the total number of breaches in 2013, merchants and retailers have exposed vastly more records. Data security varies much more profoundly from retailer to retailer compared to members of the healthcare industry.