The number of data breaches disclosed by organizations in the United States has increased by 40 percent in 2016 compared to the previous year, according to a report released on Thursday by CyberScout (formerly IDT911) and the Identity Theft Resource Center (ITRC).
ITRC has counted 1,093 breaches and more than 36 million exposed records across sectors such as financial, business, education, government and military, and healthcare. While this is an all-time record high and a significant increase from the 780 breaches reported in 2015, experts believe this upwards trend is also due to more states disclosing incidents on their websites.
It’s also worth noting that while 36 million records might not seem much, ITRC has pointed out that half of the breach notifications did not disclose the number of exposed records.
Nearly half of the data breaches disclosed last year affected the business sector (494), followed by healthcare (377), education (98), government (72) and financial (52). Hacking, phishing and skimming attacks, including business email compromise (BEC) schemes, accounted for more than 55 percent of incidents.
ITRC has determined that at least 52 percent of the breaches reported in 2016 involved social security numbers and 13 percent involved payment cards. While the number of incidents exposing credit and debit cards has decreased compared to 2015, exposure of SSNs increased by 8.2 percent.
“More than half of the breaches reported by the ITRC included the skeleton key to our lives: the Social Security number. This trend, which has accelerated since 2015— when just four breaches exposed over 120 million Social Security numbers to state-sponsored hackers and cyber criminals— represents the point of no return for millions of Americans,” said Adam Levin, Chairman and Founder of CyberScout. “While credit and debit card numbers can be changed, SSNs cannot. Therefore, monitoring and damage control become even more important than ever before.”
The complete list of breached organizations and information on each incident are available in ITRC’s 2016 Data Breach Report.
Related Reading: Breach Detection Time Improves, Destructive Attacks Rise
Related Reading: Over 700 Million Data Records Compromised in 2015
Related Reading: 400,000 Records Exposed in Michigan State University Breach

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
- Apple Patches Exploited iOS Vulnerability in Old iPhones
- FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist
Latest News
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- Tenable Launches $25 Million Early-Stage Venture Fund
- 820k Impacted by Data Breach at Zacks Investment Research
- Mapping Threat Intelligence to the NIST Compliance Framework Part 2
- Hive Ransomware Operation Shut Down by Law Enforcement
- US Government Agencies Warn of Malicious Use of Remote Management Software
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
