The Identity Theft Resource Center (ITRC) reported Thursday morning that there were a total of 57 U.S. data breaches in the month of September, resulting in the exposure of 14.45 million records. Nearly 44% of the breaches occurred in the business sector, and almost 40% occurred in the medial/health care sector.
Hacking accounted for 100% (two incidents) of breaches in the banking/credit/financial sector last month, 56% of 25 breaches in the business sector, 36% of 22 breaches in the medical/health care sector, 33% of three breaches in the education sector, and 20% of five breaches in the government/military sector.
The month’s worst incident involved the inadvertent exposure of approximately 14 million customer receipts at Government Payment Services, a provider of payment services to about 2,300 government agencies in 35 states. The company’s payment website, GovPayNow, allows consumers to check receipts whenever they choose. A flaw allowed anyone, customer or not, to view customer records by altering digits in the web address displayed on each receipt.
The company said it has addressed the problem and “has no indication that any improperly accessed information was used to harm any customer.” The firm also noted that “receipts do not contain information that can be used to initiate a financial transaction.” Security analyst Jessica Ortega of SiteLock likened the breach to last year’s exposure of records on 143 million Americans by credit reporting service Equifax:
I think we’re probably OK, but it’s always a good idea for people to be vigilant whenever a breach has occurred. … You are ultimately responsible for the vendors in your supply chain, but this was a widely adapted service that was contracted. Up to this point we had no reason to suspect there was an issue, so again it just all comes back to being proactive. That proactive evaluation of data storage is so crucial in these days.
Including the GovPayNow breach, a total of 14.44 million records were exposed last month, with the vast majority of the remaining leaks occurring in the business sector, where more than 380,000 records were exposed. Nearly 64,000 medical/health care records were exposed last month as well.
Since beginning to track data breaches in 2005, ITRC had counted 9,395 breaches through October 3, 2018, involving more than 1.11 billion records.