A record 1,093 data breaches were reported in 2016, a jump of 40% compared with the 2015 total of 780 breaches. A total of 36.6 million records were exposed last year, well below the 169 million records exposed in 2015.
Partly the big year-over-year increase is due to better reporting and partly the jump is due to determined efforts by hackers and crooks to steal, or more recently hold for ransom, user data.
The leading type of attacks for the eighth consecutive year were hacking/skimming/phishing attacks, accounting for 55.5% of all data breaches. According to the Identity Theft Resource Center (ITRC), much of the increase came from what are known as CEO spear-fishing attacks that fool corporate executives into revealing confidential employee records.
ITRC chairman and founder Adam Levin noted:
More than half of the breaches reported by the ITRC included the skeleton key to our lives: the Social Security number. This trend, which has accelerated since 2015— when just four breaches exposed over 120 million Social Security numbers to state-sponsored hackers and cyber criminals— represents the point of no return for millions of Americans. While credit and debit card numbers can be changed, SSNs cannot. Therefore, monitoring and damage control become even more important than ever before.
The final tally on 2016 data breaches shows the following breakdown of the 1,093 breaches by category and records exposed.
The medical/health care sector led all sectors in the number of records compromised in 2016, with 34.4% (376) of all data breaches last year. The number of records exposed in these breaches topped 15.9 million, or about 43.6% of the 2016 total.
The government/military sector suffered 72 data breaches last year, representing about 37.9% of the total number of records exposed and 6.6% of the incidents. Over 13.8 million records were compromised in this sector in 2016.
The business sector accounted for more than 5.6 million exposed records in 495 incidents. That represents 45.3% of the incidents, and 15.5% of the exposed records during 2016.
The number of banking/credit/financial breaches totaled 52 for the year and involved about 72,000 records, some 4.8% of the total number of breaches and about 0.2% of the records exposed.
The educational sector saw 98 data breaches in 2016. The sector accounts for 9% of all breaches for the year and more than 1 million exposed records, about 2.9% of the year’s total.
Since beginning to track data breaches in 2005, ITRC has counted 6,789 breaches through December 13, 2016, involving more than 886 million records.