Fewer breaches, more stolen data

2018 may have seen fewer breaches than 2017, but more sensitive information was compromised. According to a report by Identity Theft Resource Center and CyberScout, the number of exposed records more than doubled from 2017–2018.


  • The number of breaches went down by 388 in 2018
  • The number of exposed records containing sensitive data increased by 248.9 million
  • 1.68 billion “non-sensitive” data records were also breached
  • The business sector had the highest number of breaches
  • The health care sector had the highest number of exposures per breach

Data breaches

The EU GDPR (General Data Protection Regulation) applies to any organization processing and storing EU residents’ personal data, irrespective of the organization’s location or where the data is processed. North American organizations with any connection to the EU – whether through subsidiaries, customers, or suppliers – are likely within scope. Organizations should therefore take steps to determine whether the GDPR is applicable and consider revising their information handling processes to ensure compliance.

In some cases, the GDPR compliance steps will supplement existing measures that many North American organizations adopt as a matter of good practice and/or to comply with sector and state privacy laws such as HIPAA (Health Insurance Portability and Accountability Act).

Achieve GDPR compliance

GDPR Manager enables you to assess your data protection practices and manage some of the more arduous elements of GDPR compliance, such as recording and reporting data breaches, handling DSARs (data subject access requests), and determining whether third parties have suitable measures in place to protect personal data.