The number of U.S. data breaches continues to grow dramatically, data from a report released by the Identity Theft Resource Centre (ITRC) and CyberScout shows, but the true growth rate is tougher to determine.
Tracked data breaches in 2016 totaled 1,093 a 40 per cent increase over 2015’s 780, but is fraud that much more prevalent or are breaches just better reported?
ITRC president and CEO Eva Velasquez said CyberScout has helped them better track incidents through direct contact with attorneys general and Freedom of Information Act requests.
“For the past 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available.”
Ms. Velasquez said more states publicize data breaches on their websites. The ITRC’s Data Breach Report 2016 has information from more than one dozen such agencies.
The business sector was once again the most victimized area with 494 incidents representing 45.2 per cent of all breaches. Health care and medical services placed second at 377 beaches (34.5 per cent).
Hacking, skimming and phishing attacks accounted for more than half of all breaches. CEO spear phishing efforts, aka business email compromise schemes, are the most common type. Due to a 400 per cent rise in such attacks, the IRS issued both consumer and industry alerts on them in 2016.
Social Security Numbers were exposed in 52 per cent of breaches in 2016, an 8.2 per cent increase over 2015. That coincides with CEO spear phishing attempts which target this kind of information, ITRC said in a release.