SCOTTSDALE, Ariz.–Since 2005 there has been a 397% increase in data exposure incidents across financial services, business, education, government and healthcare sectors, according to the Identity Theft Resource Center (ITRC).
The IRTC is reporting that this week its Data Breach List hit a milestone of 6,013 reported data breach incidents. So far in 2016, nearly 6.2 million records have been compromised – adding to the more than 851 million records exposed over the last decade, according to the ITRC.
Although no two breaches are exactly alike, a common thread is the exposure of personal identifying information (PII), with 32.7% of breaches compromising Social Security numbers (SSNs) and nearly 13% exposing credit or debit card information, the ITRC said.
The healthcare sector was single-handedly responsible for 16.6% of the 245.2 million records exposing individuals’ SSNs – offering low-hanging fruit to identity thieves, particularly during tax season.
The IRS experienced a 400% surge in tax-related phishing and malware incidents during January and February of this year. SSNs are the golden ticket – the most critical piece of information – for fraudsters to effectively impersonate another individual.
“Tax refund fraud continues to rise creating almost unbearable issues for victims nationwide,” said Eva Velasquez, CEO of ITRC. “It is our belief that the 575 healthcare breaches since 2010 – that have exposed more than 142 million social security numbers – are contributing to this increase.”
The business sector, on the other hand, has accounted for 13.6% of 122.8 million records leaked with credit or debit card details, following high-profile hacks of major retailers like Target and Home Depot, according to the ITRC.
The good news for credit unions: financial, banking and credit sectors ranked lowest (2.6%) in breaches exposing SSNs.
The most data exposed (13.5 million records) by a bank, credit union, mortgage company or investment firm resulted from data on the move, just slightly higher than third-party breaches with 13.4 million records.
Companies need to create a culture of privacy and security from the mailroom to the boardroom,” said Adam Levin, chairman and founder of IDT911, and author of Swiped. “That means making the necessary investment in hardware, software and training. Raising employee cyber hygiene awareness is as essential as the air we breathe. Similarly, consumers should be on high alert and practice the 3 M’s: minimize their risk of exposure, monitor their accounts and have a damage control program in the event they are compromised.”