There has been a 40% increase in data breaches compared to one year ago—even though from a headline perspective, 2015 seemed to be a bigger year for mega-breaches.
A report from CyberScout and the Identity Theft Resource Center on the numbers around publicly reported breaches found that there were a total of 1,093 incidents in 2016, up from 780 in 2015—a new record in reported numbers. That said, changes in state breach notification laws made more incidents public than ever before.
The report shows that 52% of data breaches exposed Social Security numbers, an increase of 8.2% over 2015 figures; but only 13% of data breaches exposed credit card or debit card information—a decrease of 7.4% from 2015.
The spike in SSN exposures is in clear alignment with the surge of CEO spear phishing attacks, which target this type of information. In these efforts (also known as business email compromise schemes), highly sensitive data, typically information required for state and federal tax filings, was exposed. As early as February, the IRS had already seen a 400% surge in this type of activity, prompting both consumer and industry alerts addressing this issue.
Overall, hacking/skimming/phishing attacks were the leading cause of data breach incidents for the eighth year in a row, accounting for 55.5% of the overall number of breaches. That’s an increase of 17.7% over 2015 figures.
The business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2% of the overall number of breaches. The medical industry overall reported 377 incidents, accounting for 34.5% of them. The education sector had 98, representing 9%, the government/military (72) came in at 6.6% and the banking/credit/financial sector (52) at 4.8%.
Breaches involving accidental email/internet exposure of information were the second most common type of breach incident at 9.2% of the overall number of breaches, followed by employee error at 8.7%. With the exception of hacking, all other categories reflected decreases from 2015 figures.
“For businesses of all sizes, data breaches hit close to home, thanks to a significant rise in CEO spear phishing and ransomware attacks,” said Matt Cullina, CEO of CyberScout and vice chair of ITRC’s Board of Directors. “With the click of a mouse by a naïve employee, companies lose control over their customer, employee and business data. In an age of an unprecedented threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution.”