There have been 456 data breaches reported in the US so far this year, and 7.9 million records have been exposed, according to the latest Identity Theft Resource Center (ITRC) report.
Over 60% of exposed records come from last month’s disclosure of a data breach at America’s Job Link Alliance. The employment agency revealed that it had exposed the personal information of 4.8 million job seekers across 10 states – Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.
Business sector is the most breached
Of the five categories tracked by the ITRC, the business sector is the most hacked by a wide margin – both in the number of breaches reported and the number of records exposed.
It has so far been responsible for over half (54.2%) of disclosed data breaches:
- Business: 247 (54.2%)
- Medical/healthcare: 109 (23.9%)
- Educational: 63 (13.8%)
- Government/military: 25 (5.5%)
- Banking/credit/financial: 12 (2.6%)
It has also been responsible for over three quarters (78.0%) of the total number of exposed records in instances where those numbers have been revealed:
- Business: 6,194,791 (78.0%)
- Medical/healthcare: 1,505,534 (19.0%)
- Government/military: 176,283 (2.2%)
- Educational: 41,448 (0.5%)
- Banking/credit/financial: 20,000 (0.3%)
The actual number of exposed records is likely to be much higher, given that the ITRC can only report the number of exposed records when this information is both known and disclosed. In the majority of cases, this does not happen.
Only 167 (37%) of the reported data breaches include the number of records that were exposed. In the business sector, only 34 breaches were accompanied by the number of records affected, and this information is included in just one of the breaches in the banking/credit/financial sector.
These figures mirror those of Gemalto’s latest Breach Level Index report, which concluded that the inability to identify or disclose breaches is a big concern. Breaches that take time to identify and assess give hackers “the time to conduct the most drastic breaches like data integrity attacks,” the report claimed. “Organizations base their decisions on the data they have access to and often rely heavily on its validity.”
Protect your organization
The best way to make sure your organization is cyber secure is to have an effective information security management system (ISMS) in place, as described in the international standard ISO 27001.
A systematic approach to managing confidential or sensitive corporate information, ISO 27001 covers people, processes, and technology, understanding that information security is not about technology alone.
To help businesses implement ISO 27001, IT Governance has created a range of packaged solutions. Blending expert-developed tools and resources, they can be accessed online and deployed anywhere in the world.