The latest count from the Identity Theft Resource Center (ITRC) indicates that there have been 1,222 data breaches recorded this year through December 6 and that more than 172 million records have been exposed since the beginning of the year. The incident total is 18.1% higher than at the same time last year.
In 2016, the ITRC reported a record total of 1,093 breaches and at the current pace that record could rise to around 1,500 this year.
As more and more websites adopt the secure web transmission protocol “https,” it is only natural to expect cybercriminals to follow. The popular Chrome and Firefox browsers send an alert to users who are about to enter sensitive information like passwords and credit card numbers on a non-secure, non-https website.
Security researchers at PhishLabs observed that in the third quarter of this year nearly 25% of all phishing sites were hosted on “https” domains. The firm explains that as more websites obtain an SSL certificate (necessary for an “https” domain name), the number of sites that could be compromised goes up and makes for more attractive targets.
The “https” designation, however, does not guarantee either that a website is secure or that known vulnerabilities have been patched. An SSL certificate indicates only that traffic sent from a website is encrypted while in transit.
And here’s where a little knowledge is a dangerous thing. Users misunderstand what “https” means. A phishing attack from a site with an “https” designation appears to be more legitimate. Two primary targets of such attacks are PayPal and Apple, so users are cautioned to be certain they are dealing with the real company before giving up any personal data. PhishLabs has published its report, and more discussion, along with screen grabs of phishing attacks, is available at Krebs on Security.
The business sector leads them all in the number of records compromised so far in 2017, with more than 157 million exposed records in 628 incidents. That represents 51.4% of the incidents and 91.4% of the exposed records so far this year.
The medical/health care sector has posted 28.1% (343) of all 2017 data breaches. The number of records exposed in these breaches totals nearly 5 million, or about 2.9% of the 2017 total.
The educational sector has experienced 110 data breaches since the beginning of the year. The sector accounts for 9% of all breaches for the year and more than 1.1 million exposed records, about 0.7% of the year’s total.
The government/military sector has suffered 61 data breaches to date in 2017, representing about 3.4% of the total number of records exposed and 5% of the incidents. About 5.8 million records have been compromised in this sector.
The number of banking/credit/financial sector breaches now totals 80, some 6.5% of the total incidents reported so far this year. More than 2.9 million records have been reported to be compromised in the incidents.
Since beginning to track data breaches in 2005, ITRC had counted 8,199 breaches through December 6, 2017, involving almost 1.06 billion records.