Data Breaches Top 800 to Date in 2016

Anyone who bought a “Never Hillary” poster or donated funds to the National Republican Senatorial Committee (NRSC) between March and early October of this year is highly likely to have been the victim of a cybercrime. They had plenty of company.

According to Brian Krebs at KrebsOnSecurity, the NRSC was one of more than 5,900 e-commerce sites apparently hacked by a group of Russian hackers who were able to place malware code on sites with security vulnerabilities or weak passwords. A Dutch researcher discovered the theft and has posted an analysis of the malware code here.

Krebs also reported that Senator Mark Warner (D-VA) has launched a U.S. Senate Cybersecurity Caucus and the caucus has fired off a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security calling the proliferation of Internet of Things (IoT) devices a threat to the security of the internet. The letter followed the massive distributed denial of service attack that hit parts of the internet last week, and included the following paragraphs, cited by Krebs:

Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support. And buyers seem unable to make informed decisions between products based on their competing security features, in part because there are no clear metrics.

Because the producers of these insecure IoT devices currently are insulated from any standards requirements, market feedback, or liability concerns, I am deeply concerned that we are witnessing a ‘tragedy of the commons’ threat to the continued functioning of the internet, as the security so vital to all internet users remains the responsibility of none. Further, buyers have little recourse when, despite their best efforts, security failures occur.

The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 809 data breaches recorded this year through October 25, 2016, and that nearly 30 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 26 since ITRC’s last report on October 19.

The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 809 data breaches reported so far for 2016 are nearly 22% above the number reported (666) for the same period last year. A total of more than 169 million records were exposed in 2015.

Here’s a rundown of the latest ITRC report:

  • The medical/health care sector leads all sectors in the number of records compromised to date in 2016. The sector has posted 36.2% (293) of all data breaches this year. The number of records exposed in these breaches exceeds 14 million, or about 48.4% of the total so far.
  • The government/military sector has suffered 56 data breaches this year, representing about 41.3% of the total number of records exposed and 6.9% of the incidents. More than 12 million records have been compromised in the government/military sector to date.
  • The business sector accounts for more than 2.5 million exposed records in 354 incidents. That represents 43.8% of the incidents and 8.5% of the exposed records.
  • The number of banking/credit/financial breaches totals 34 for the year to date and involves more than 26,000 records, some 4.2% of the total number of breaches and about 0.1% of the records exposed.
  • The educational sector has seen 72 data breaches in 2016. The sector accounts for 8.9% of all breaches for the year and nearly 500,000 exposed records, about 1.6% of the total.

Since beginning to track data breaches in 2005, ITRC had counted 6,619 breaches through October 26, 2016, involving more than 881 million records.