U.S. breaches are on a record pace, again, following a record-breaking 2016, according to a report from the San Diego-based Identity Theft Resource Center and Providence, R.I.-based CyberScout (formerly IDT911).
The number of U.S. data breaches tracked through June 30, 2017 hit a half-year high of 791. This represents a significant jump of 29% over 2016 figures during the same period. At this pace, ITRC anticipates the number of breaches could reach 1,500 in 2017, a 37% annual increase over 2016, when breaches reached a record high of 1,093 incidents. The breaches so far exposed 12,389,462 reported records.
Broken down by industry category:
- Business = 61%
- Medical/Healthcare = 24.3%
- Educational = 8.7%
- Banking/Credit/Financial = 4.2%
- Government/Military = 1.7%
Hacking, which includes phishing, ransomware/malware and skimming, was the leading cause of data breaches in the first half of 2017. To date, 63% of the overall breaches involved hacking as the primary method of attack, an increase of 5% over 2016 figures. Within the hacking category, phishing was involved in nearly half (47.7%) of these attacks. Ransomware/malware, newly added in 2017, represents 18.5% of hacking attacks.
Following are the biggest Top 3 2017 U.S. data breaches, at the halfway point, based on confirmed, exposed personally identifiable information records.
1. America’s Joblink Alliance: 4,800,000 records
The information exposed included the names, Social Security numbers and birthdates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. According to the Idaho Department of Labor, the breach compromised as many as 4.8 million accounts nationwide. On February 20, according to AJL, a hacker created a new account, then exploited a vulnerability to access other job seekers’ information. America’s Job Link Alliance – Technical Support said in a statement that it first noticed unusual activity on March 12, and confirmed the breach on March 21st.
2. Schoolzilla: 1.3 Million Records
A California student data warehouse platform, Schoolzilla first acknowledged the breach on April 12 in a message on its website, which informed customers: “A well-known computer security researcher was doing a targeted analysis of Schoolzilla when he uncovered a file configuration error.” The exposed information included the names, addresses, birth dates and test scores of 14,000 current and former students in the Palo Alto school district and more than a million Social Security numbers of other individuals.
3. Washington State University – Social & Economic Sciences: 1 Million Records
The university learned about the theft of a locked safe containing a hard drive. Not all of the information on the drive was encrypted and the school determined the hard drive contained some personal information, including names and addresses.
See the full list article in the July 26 edition of CUTimes.
