Experts surmise that growing trend of healthcare breaches exposing Social Security numbers account for increase in tax-related identity theft 

In 2005, the Identity Theft Resource Center (ITRC) began monitoring and tallying the ever-growing number of U.S. security breaches. Since then, with ongoing support from IDT911™, the organization has seen a 397 percent increase in data exposure incidents across financial services, business, education, government and healthcare sectors.  This week, the ITRC’s Data Breach List hit a milestone of 6,013 reported data breach incidents. So far in 2016, nearly 6.2 million records have been compromised – adding to the more than 851 million records exposed over the last decade.


Although no two breaches are exactly alike, a common thread is the exposure of personal identifying information (PII), with 32.7 percent of breaches compromising Social Security numbers (SSNs) and nearly 13 percent exposing credit or debit card information.

The healthcare sector was single-handedly responsible for 16.6 percent of the 245.2 million records exposing individuals’ SSNs – offering low-hanging fruit to identity thieves, particularly during tax season.

The IRS experienced a 400 percent surge in tax-related phishing and malware incidents during January and February of this year[1]. SSNs are the golden ticket – the most critical piece of information – for fraudsters to effectively impersonate another individual.

“Tax refund fraud continues to rise creating almost unbearable issues for victims nationwide,” said Eva Velasquez, CEO of ITRC. “It is our belief that the 575 healthcare breaches since 2010[2]  –that have exposed more than 142 million social security numbers – are contributing to this increase”.

The business sector, on the other hand, has accounted for 13.6 percent of 122.8 million records leaked with credit or debit card details, following high-profile hacks of major retailers like Target and Home Depot.

Additional data points across all five sectors, from 2005 to present, include:


  • Security incidents have increased dramatically across retail, hospitality, transportation, trade and other professional entities, accounting for 35.6 percent of U.S. breaches and a total of 399.4 million records compromised.
  • This sector has experienced the most hacking-related incidents (809 total), impacting 360.1 million records.


  • Of the more than 176.5 million medical and healthcare records exposed since 2005, slightly more than 1.5 million have been physically stolen since 2014. More than 131 million records have been exposed due to hacking since 2007 and 17.2 million have been exposed by Data on the Move.
  • Employee error/negligence and insider theft resulted in a total of 371 healthcare-related breaches.


  • More than 2.4 million records from public or private educational facilities have been disclosed accidentally via e-mail or the Internet.
  • The education sector ranked lowest (0.7 percent) in breaches due to insider theft.


  • 57.4 million government and military members’ SSNs have been exposed, whereas less than 389,000 credit or debit card numbers were compromised in this sector.
  • Compared to the healthcare sector, government employee error and/or negligence initiated a total of 61 breaches, but led to more records exposed (7 million total).

Financial Services

  • Financial, banking and credit sectors ranked lowest (2.6 percent) in breaches exposing SSNs.
  • The most data exposed (13.5 million records) by a bank, credit union, mortgage company or investment firm resulted from data on the move, just slightly higher than third-party breaches with 13.4 million records.

“From hotel chains, medical centers and healthcare insurers to universities, retailers and the government, data breaches have become the third certainty in life – disrupting and endangering lives as well as damaging the reputations and balance sheets of countless organizations,” said Adam Levin, chairman and founder of IDT911 and author of Swiped. “Companies need to create a culture of privacy and security from the mailroom to the boardroom. That means making the necessary investment in hardware, software and training. Raising employee cyber hygiene awareness is as essential as the air we breathe. Similarly, consumers should be on high alert and practice the 3 M’s: minimize their risk of exposure, monitor their accounts and manage the damage in the event they are compromised.”

To learn more about IDT911 and how its services can help attract and retain customers, create a new revenue stream and increase brand loyalty, visit

For additional information, please visit:

About IDT911™

IDT911 is the leading provider of services that help businesses and their customers defend against data breaches and identity theft. IDT911’s unique approach—delivering proactive protection, preventive education, and swift resolution—offers unrivalled support for more than 660 client partners and 17.5 million households. With its wholly owned subsidiary, IDT911 Consulting™, IDT911 delivers information security and data privacy expertise to help businesses avert and respond to data loss. Based in Scottsdale, Ariz., the company has several locations in the U.S. and Canada, as well as in Ireland to serve partners in Europe.   

About the ITRC®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud and privacy issues. The ITRC provides victim assistance and consumer education through its toll-free call center, website and highly visible social media efforts. Visit Victims may contact the ITRC at 888-400-5530.





[2]Actual number of breaches in the Medical/Healthcare industry since 2010 totals 1,315.  Of these, 575 incidents involved Social Security numbers.


ITRC Sponsors and Supporters





Go to top