When the Target data breach hit during the holiday shopping rush in December, 2013, security experts and other observers declared 2013 the worst year for breaches ever. Neiman Marcus, eBay, and Michaels Stores were hit the following year. Again, the predictors of doom called 2014 the worst year ever. However, 2015 has already toppled past record according to statistics from the Privacy Rights Clearinghouse (PRC). In fact, this year has already topped all previous records decisively.
PRC has been tracking breaches since 2005. In the majority of those breaches, the number of records compromised is listed as ‘unknown.’ That means that breached organizations either could not provide a numbers count or decided to keep those details private. Even with those missing figures, 2015 has seen more than double the number of records compromised.
In 2012, PRC documented 680 breaches impacting nearly 28 million individual records. By 2014, that number had jumped to nearly 68 million individuals at while the number of breaches dropped to 297. By the end of August 2015, the group documented just 92 breaches but 121,221,707 individual files compromised with months still left on the calendar.
A handful of massive breaches are linked to this year’s surge in problems:
- Anthem Blue Cross/Blue Shield reported 80 million files hacked
- Ashley Madison added 37 million to the total
- The Office of Personnel Management (OPM) added another 21.5 million
- Premera Blue Cross’ breach hit 11 million
- UCLA Health contributed 4.5 million to the total
More alarming is the fact that these massive breaches all included far more data than credit card numbers. Anthem, OPM and UCLA Health resulted in compromised Social Security Numbers for over 100 million individuals. In many of the health-related breaches, there was also a loss of medical insurance data that could lead to medical identity theft. The Ashley Madison breach involved sensitive information of a different sort about would-be cheaters. With all this data compromised, the odds of major identity theft or other unpleasant consequences are high for millions and millions of individuals.
Since 2005, PRC has documented a total of 857,702,257 records breached from 4,594 breach incidents. But there’s even more to the story – the uncounted number of breaches that never hit the news.
“If a breached entity has failed to notify its customers or a government agency of a breach, then it is unlikely that the breach will be reported anywhere,” PRC points out.
If you are aware of a breach that is not included in the PRC list, let us know. You can also share your findings with PRC at privacyrights.org.
If you know about an unreported data breach, we want to hear from you. Contact firstname.lastname@example.org.