A recent security breach at a fast food restaurant may put customers who used their debit or credit cards at risk. An investigation found evidence on its computer systems indicating a compromise of customer information at approximately 10 locations.
Did you know there was a 40% increase in data breaches from 2015 to 2016?
A report from CyberScout and the Identity Theft Resource Center (ITRC) on publicly reported breaches found a total of 1,093 incidents in 2016, up from 780 in 2015 and a new record for reported breaches.
The report shows that 52% of data breaches exposed Social Security Numbers, an increase of 8.2% over 2015 figures; but only 13% of data breaches exposed credit card or debit card information, a somewhat comforting decrease of 7.4% from 2015.
Since 2005, the ITRC has been identifying data breaches in five industry sectors.
In 2016, the business sector again topped the list in the number of data breach incidents, with 494 reported, representing 45.2 percent of the overall number of breaches. This was followed by the healthcare/medical industry (377 incidents), representing 34.5 percent of the overall total. The education sector (98) followed at 9.0 percent, the government/military (72) at 6.6 percent and the banking/credit/financial sector (52) at 4.8 percent.
For the eighth consecutive year, hacking/skimming/phishing attacks were the leading cause of data breach incidents, accounting for 55.5 percent of the overall number of breaches, which is an increase of 17.7 percent over 2015 figures. Of these, many were a result of CEO spear phishing efforts (also known as business email compromise schemes) in which highly sensitive data, typically information required for state and federal tax filings, was exposed. As early as February, the IRS had already seen a 400% surge in this type of activity, prompting both consumer and industry alerts addressing this issue.
According to the ITRC, the database compromises of 2016 confirmed yet again that breaches are the third certainty in life and we are all living in a constant state of cyber insecurity.
Why? Hackers and identity thieves continue to evolve, employing sophisticated and creative techniques to get what they are after: Personally Identifiable Information (PII). In fact, more than half of the breaches reported by the ITRC included the skeleton key to our lives: the Social Security Number. This trend, which has accelerated since 2015, represents the point of no return for millions of Americans.
While credit and debit card numbers can be changed, Social Security Numbers cannot.
As defined by the U.S. Office of Management and Budget (OMB), PII is information which can be used to distinguish or trace an individual’s identity, such as their name, Social Security Number, or biometric records, alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth and mother’s maiden name.
Today, organizations must limit the use, collection, and retention of PII to only what is critically necessary for organizational purposes. Many enterprises, in all markets, do not readily know what information they store or where it is located, which they need to know to manage and protect it effectively. A good practice for today's enterprises is to reduce the overall volume of PII they hold and to define procedures that avoid storing PII unless absolutely necessary.