The number of data breaches disclosed by organizations in the United States has increased by 40 percent in 2016 compared to the previous year, according to a report released on Thursday by CyberScout (formerly IDT911) and the Identity Theft Resource Center (ITRC).
ITRC has counted 1,093 breaches and more than 36 million exposed records across sectors such as financial, business, education, government and military, and healthcare. While this is an all-time record high and a significant increase from the 780 breaches reported in 2015, experts believe this upwards trend is also due to more states disclosing incidents on their websites.
It’s also worth noting that while 36 million records might not seem much, ITRC has pointed out that half of the breach notifications did not disclose the number of exposed records.
Nearly half of the data breaches disclosed last year affected the business sector (494), followed by healthcare (377), education (98), government (72) and financial (52). Hacking, phishing and skimming attacks, including business email compromise (BEC) schemes, accounted for more than 55 percent of incidents.
ITRC has determined that at least 52 percent of the breaches reported in 2016 involved social security numbers and 13 percent involved payment cards. While the number of incidents exposing credit and debit cards has decreased compared to 2015, exposure of SSNs increased by 8.2 percent.
“More than half of the breaches reported by the ITRC included the skeleton key to our lives: the Social Security number. This trend, which has accelerated since 2015— when just four breaches exposed over 120 million Social Security numbers to state-sponsored hackers and cyber criminals— represents the point of no return for millions of Americans,” said Adam Levin, Chairman and Founder of CyberScout. “While credit and debit card numbers can be changed, SSNs cannot. Therefore, monitoring and damage control become even more important than ever before.”
The complete list of breached organizations and information on each incident are available in ITRC’s 2016 Data Breach Report.
Related Reading: Breach Detection Time Improves, Destructive Attacks Rise
Related Reading: Over 700 Million Data Records Compromised in 2015
Related Reading: 400,000 Records Exposed in Michigan State University Breach

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
