Pace of 2016 Data Breaches Continues to Set New Record

A financial advisor at Ameriprise Financial Inc. (NYSE: AMP) accidentally exposed hundreds of investment portfolios last week. The portfolios were valued in the tens of millions of dollars, according to a report at ZDnet.

The advisor had an internet-connected backup hard drive at home set to synchronize over the internet with the office hard drive. Neither had a password.

The exposed data was uncovered on Shodan and included Social Security, bank account and financial planning data for around 350 high-value customers. The drive also had the advisor’s personal files and a backup of his password manager’s data.

The financial advisor worked under contract for Ameriprise, which claimed that it had more than 7,700 contract advisors in 2015, compared with 2,000 advisors employed by the company. At this time it is not clear if the data exposure is limited to one franchise operator or if the practice that exposed the data is widely used across the nearly 10,000 Ameriprise advisors.

More details and screenshots of the exposed data are available at

The latest data breach count from the Identity Theft Resource Center (ITRC) reports 980 data breaches recorded this year through December 13, 2016, and that more than 35 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 23 since ITRC’s last report on December 6.

The number of breaches in 2015 totaled 781, just two shy of the previous record 783 breaches that ITRC tracked in 2014. The 980 data breaches reported so far for 2016 are more than 30% higher than the number reported (751) for the same period last year. A total of more than 169 million records were exposed in 2015.

Here’s a rundown of the latest ITRC report:

  • The medical/health care sector leads them all in the number of records compromised in 2016. The sector has posted 36.2% (355) of all data breaches to date. The number of records exposed in these breaches tops 15.4 million, or about 43.8% of the total so far this year.
  • The government/military sector has suffered 66 data breaches this year, representing about 37.1% of the total number of records exposed and 6.7% of the incidents. Over 13 million records have been compromised in the government/military sector to date.
  • The business sector accounts for more than 5.6 million exposed records in 432 incidents. That represents 44.1% of the incidents, and 16% of the exposed records.
  • The number of banking/credit/financial breaches totals 43 for the year to date and involves about 72,000 records, some 4.4% of the total number of breaches and about 0.2% of the records exposed.
  • The educational sector has seen 84 data breaches in 2016. The sector accounts for 8.6% of all breaches for the year and more than 1 million exposed records, about 2.9% of the total so far this year.

Since beginning to track data breaches in 2005, ITRC had counted 6,789 breaches through December 13, 2016, involving more than 886 million records.