The main cause of data breaches in the United States is still hacking, according to a new report released by the Identity Theft Resource Center (ITRC). The report also shows that in the year to June 30, 2017, U.S. data breaches have hit a record high, with 791 confirmed data breaches reported.
The data breach count has increased by 29% since the report was issued last year, with ITRC expecting the number of data breaches to reach 1,500 by the end of the year. That would represent a 37% increase from 2016, which was also a record-breaking year with 1,093 data breaches reported.
While the reporting of data breaches is improving, a record number of organizations have withheld details of the extent of the breaches. ITRC reports that 67% of breach reports and public notices did not detail the number of records that were exposed or stolen in the attacks. That represents a 13% increase since last year.
The 10-year average is 43%, showing that it is now increasingly common for the extent of breaches not to be reported. This makes it harder to assess the impact of data breaches and produce meaningful statistics.
Eva Velasquez, ITRC President and CEO, said, “The number of records breached in a specific incident allows us to provide more insight into the scope of this problem, and is a necessary next step in our advocacy efforts.”
While organizations in the healthcare industry in the United States are required to report breach totals under HIPAA/HITECH, the same is not true in many industries.
ITRC says the healthcare industry leads the way when it comes to transparency. That said, even though it is mandatory for the number of records exposed in data breaches to be reported, only 81.5% of breaches reported to the HHS’ Office for Civil Rights in the first half of the year included the number of records – the same level as last year. ITRC points out that this is mostly because HITECH does not require the reporting of details for data breaches that only affect employees.
In 2017, the industries most commonly attacked have been the business sector (54.7% of breaches), the healthcare industry (22.6% of breaches), the education sector (11% of breaches) and the banking and financial service sector (5.8% of breaches).
The main cause of data breaches in 2017 is hacking, which was behind 63% of data breaches – a 5% increase year on year. The second biggest cause of data breaches in 2017 was employee error/negligence and improper disposal, which caused 9% of breaches, followed by accidental exposure on the internet, which accounted for 7% of breaches.
When calculating the figures for hacking, ITRC included ransomware and phishing attacks. Phishing was behind nearly half of the hacking incidents (47.7%), while ransomware attacks accounted for 18.5% of attacks.