The number of known data breaches fell 24% in 2018, but the number of compromised records that contained sensitive personally identifiable information more than doubled from 2017’s levels to over 450 million, according to the Identity Theft Resource Center’s latest annual data-breach review.
The San Diego-based non-profit and partner CyberScout LLC, a data-security services provider, say 2018 saw 1,244 data breaches compared with 1,632 the year before. But 446.5 million business, education, payment card, financial, health-care, and other records with personally identifying information were compromised, a 126% increase from 197.6 million in 2017.
“The increased exposure of sensitive consumer data is serious,” ITRC president and chief executive Eva Velasquez said in a news release. “Never has there been more information out there putting consumers in harm’s way. ITRC continues to help victims and consumers by providing guidance on the best ways to navigate the dangers of identity theft to which these exposures give rise.”
Some 224 of last year’s breaches involved credit and/or debit card data, along with other data in some cases, down 28% from 312 in 2017, an ITRC spokesperson tells Digital Transactions News by email. But the number of actual cards compromised each year was not immediately available.
Last year had its share of notable card-involved breaches, however. A breach at retailer Hudson’s Bay Co., owner of the Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor chains, exposed payment card information on 5 million shoppers.
The compromise of Marriott International Inc.’s Starwood reservation system, which began in 2014 and lasted until September 2018, compromised 500 million guest records and related data, including 8.6 million encrypted payment card records. All but 354,000 of the cards https://www.digitaltransactions.net/marriott-updates-breach-numbers-says-354000-unexpired-cards-compromised/ were expired.
The number of records compromised in many publicly reported breaches often is unknown, according to the ITRC database. The ITRC generates its findings from media reports, governmental records, and other sources.
The ITRC said another critical finding in the 2018 study was the number of non-sensitive records compromised—email addresses, passwords, usernames, and other data—through data breaches. Those records totaled 1.68 billion. The exposures stemmed from 37 of the 1,244 breaches.
While email addresses are not considered sensitive personal information, a majority of consumers use the same username-and-password email combinations across multiple platforms, creating serious vulnerabilities, according to the ITRC and Scottsdale, Ariz.-based CyberScout.
“When it comes to cyber hygiene, email continues to be the Achilles Heel for the average consumer,” Adam Levin, CyberScout founder and chairperson, said in the release. “There are many strategies consumers can use to minimize their exposure, but the takeaway from this year’s report is clear: Breaches are the third certainty in life, and constant vigilance is the only solution.”