Credit card numbers were involved in just under one-fifth of the 4,000-plus data breaches worldwide reported in 2016, data-security services provider Risk Based Security Inc. reported Wednesday.
RBS says the latest release of its annual Data Breach QuickView found that 4,149 data breaches occurred or became publicly known in 2016, down 4% from 4,326 incidents reported in 2015 although still up markedly from 3,275 in 2014. But the number of records compromised in 2016’s reported breaches quintupled to an all-time high 4.28 billion from 822 million reported for 2015.
“While the number of data breaches actually remained relatively flat from last year, the big story coming out of 2016 is obviously the massive increase in the number of records exposed.” Inga Goddijn, executive vice president at RBS, said in a statement.
Much of that increase can be attributed to the report’s two biggest listed breaches, both involving Yahoo! Inc. and which occurred before 2016. One, reported in December, exposed more than 1 billion records and was the largest data breach ever, RBS said. The breach compromised email addresses, user names, addresses, and other personal customer information. A separate Yahoo breach, disclosed in September, compromised 500,000 similar records.
Richmond, Va.-based RBS used its own applications that scour news feeds, blogs, and other information sources for breach information. Company staff also worked with the non-profit Open Security Foundation to gather information manually.
Single breaches often compromised multiple types of data. Card numbers were exposed in 19.3% of the breaches. Email addresses were exposed in 42.6% of the incidents to rank as the leading data type compromised. Next were passwords, 38.1%, and names, 35.1%. Social Security numbers were exposed in 16.4% of the breaches.
Some 53.3% of reported breaches resulted from hacking, which accounted for 91.9% of the exposed records, RBS said. Malicious software, while it gets a lot of attention, accounted for 4.5% of the reported breaches and only 0.4% of the records compromised.
The United States remains by far the leader among the 102 countries that sustained at least one reported data breach last year. The U.S. had 1,971 breaches, or 47.5% of the total, and U.S. companies and organizations accounted for 68.2% of the exposed records. The United Kingdom ranked second in breaches, with 204, followed by Canada with 119.