Since the Identity Theft Resource Center first began tracking reports of data breaches, there have been more than 5,000 - and a record-high number of breaches, 784, occurred in 2014 alone. Of these events, the highest percentage at 42.5% were medical and healthcare breaches.
In 2014, 33% of data breaches occurred in the business sector, 11.7% of breaches involved the government or military, educational institution breaches accounted for 7.3%, and the financial industry accounted for 5.5% of breaches.
The overwhelming majority of these data breaches were accomplished through hacking, in which criminals were able to access sensitive content through networks from outside the server. A concept known as “data on the move,” which refers to sensitive information stored on portable technology like flash drives, laptops, and even smartphones, accounted for the second highest number of breaches when that technology was lost or allowed to be compromised. Internal breaches, when an employee or third-party contractor accessed sensitive data without permission, were the third highest cause of leaks.
“The ubiquitous nature of data breaches has left some consumers and businesses in a state of fatigue and denial about the serious nature of this issue,” said Eva Velasquez, president and CEO of the ITRC. “While not all breaches will result in identity theft or other crimes, the fact that information is consistently being compromised increases the odds that individuals will have to deal with the fall out. The ITRC data breach reports are a necessary educational tool for businesses, government and advocates alike in our communication efforts.”
“It is important to note that the 5,000 breach milestone only encompasses those reported – many breaches fly under the radar each day because there are many institutions that prefer to avoid the financial dislocation, liability and loss of goodwill that comes with disclosure and notification,” said Adam Levin, founder and chairman of IDT911. “Additionally, not all businesses are required to report they’ve had a breach for a variety of reasons, which means the number of breaches and records affected is realistically much higher.”
The Identity Theft Resource Center uses this information to work towards better consumer protection, and to raise public awareness on the need for better personal data security. With a clearer picture of the cybercrime landscape, the ITRC can continue its mission of offering free assistance to consumers who’ve been affected by a data breach of some kind, as well as keep law enforcement and the IT sector up to date on the latest activities and vulnerabilities related to this type of crime.
The year-end report was unveiled at nearly the same that the Obama administration announced its plan for cybersecurity legislation that would alleviate some of the liability following an attack from companies who had voluntarily cooperated with the government’s cybersecurity information sharing initiatives. For a full look at the data breach report, see the ITRC's release for specific data.