Data Breaches Hit All-Time High in U.S.

In 2016 the number of reported data breaches in the U.S. increased by 40% over 2015 levels. Worryingly, more than half of data breaches resulted in the exposure of Social Security numbers, increasing the risk of identity theft.

72 percent of breached records were exposed due to hacking, skimming or spear-phishing attacks. This continues a drastic increase in those type of attacks since 2009 when they first became the leading cause of breaches.

What is not clear is whether the increase in breaches is due to more state agencies publicly sharing information, more organizations discovering breaches than before or if the total number of data breaches actually is increasing – or some combination of all three.

In 2016 there were 1,093 reported U.S. data breaches, leading to the exposure of 36.6 million records. In 51% of those reported breaches the total number of records exposed was either unknown or unreported and we don’t know how many other breaches may have occurred but are as of yet undetected. This is especially problematic because in most cases record-setting breaches are of a size and severity that’s never been seen before, or may have used previously unseen attack techniques.

Every organization needs to be aware of the threats they face from hackers and other cyber-criminals. Here are just a few recent examples.

  1. OPM: The 2015 U.S. Office of Personnel Management breach resulted in the loss of personal information for 21.5 million individuals, including biometric data. China is suspected of being responsible for the attack.
  2. Yahoo: The search giant in 2016 discovered the full extent of two different historical mega-breaches. One involved the compromising of 1 billion records while the resulted in 500 million records being exposed.
  3. DNC: The U.S. intelligence community has blamed Russia for attempting to interfere in the 2016 U.S. Presidential Elections by hacking and leaking documents from the Democratic National Committee and others.

What record-breaking breaches simply haven’t yet come to light? While breaches at large organizations like the ones listed above and the Chase breach get all of the attention in the national news there remains a constant, and escalating, threat to every organization that has access to valuable personal information.

Community banks and credit unions should remain vigilant and ensure that their policies and procedures are not putting their customers at risk. For more information on how you can keep your customers and your institution protected call ITPAC today.