Data Breaches Set Record in 2014
Last year--and yes, it was only just over a month ago--didn't it seem like every week there was yet another report of a data breach or a store or company that had its information hacked? That's probably because there was. The Identity Theft Resource Center (ITRC) found that the number of data breaches in the U.S. hit an all-time high last year.
The ITRC recently released its ITRC 2014 Breach List, a report it conducted with sponsorship from IDT911, an identity theft protection company. The report tracked 783 data breaches last year, which was a 27.5 percent increase over 2013. It even beat the previous high--662 breaches in 2010--by 18.3 percent.
Even though Target, Staples, Neiman Marcus, Home Depot and many other stores reported data breaches that potentially exposed thousands of consumers' personal information and/or credit information, ITRC found that the Business sector wasn't responsible for most of the identified breaches in 2014. That distinction went to the Medical/Healthcare industry, with 42.5 percent of breaches. Businesses followed just behind that with 33 percent. The Government/Military and Education sectors came next, with 11.7 percent and 7.3 percent respectively. The Banking/Credit/Financial sector had the fewest breaches in 2014, with 5.5 percent.
"With an average of 15 breaches a week in 2014, consumers need to be made aware of the risk of exposure to personal identifying information in order to understand the threat posed by this growing list of data breach incidents," said Eva Velasquez, president and CEO of ITRC in a statement.
“The ubiquitous nature of data breaches has left some consumers and businesses in a state of fatigue and denial about the serious nature of this issue. While not all breaches will result in identity theft or other crimes, the fact that information is consistently being compromised increases the odds that individuals will have to deal with the fall out," said Velasquez.
Data thieves preferred to hack their targets in 2014, with 29 percent of the breaches tracked coming as a result of hacking attacks. The next most popular way to steal data was through Subcontractors/Third Parties, who were responsible for 15.1 percent of attacks.
However, direct attacks and access to data weren't always the way information was leaked. The ITRC found that 11.5 percent of data breaches occurred due to information being accidentally exposed, which was an increase from the 7.5 percent logged in 2013. The lowest cause of breaches in 2014 was from a category called Data on the Move, which includes storage devices or laptops that are lost in transit.
The ITRC doesn't think the breaches will let up in 2015. “Without a doubt, 2015 will see more massive takedowns, hacks, and exposure of sensitive personal information like we have witnessed in years past,” said Adam Levin, founder and chairman of IDT911, in a statement. “Medical data and business information like intellectual property will be prime targets, with cyber thieves looking for opportunistic financial gain based on black market value, corporate extortion and cyber terrorism.”
Since 2005, ITRC has tracked 5,029 breaches that potentially exposed an estimated 675 million records of information.
“It is important to note that the 5,000 breach milestone only encompasses those reported – many breaches fly under the radar each day because there are many institutions that prefer to avoid the financial dislocation, liability and loss of goodwill that comes with disclosure and notification,” said Levin. “Additionally, not all businesses are required to report they’ve had a breach for a variety of reasons, which means the number of breaches and records affected is realistically much higher.”