2016: Data Breach Statistics, Year until 10/19/2016

*The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted as of October 2016. The excerpts below only provide a glimpse of some of these incidents – the list goes on.

Government

August 26, 2016 – County of Sacramento, California, issued a statement that an unknown number of records with personal data were exposed due to an error in the online automated application for Emergency Medical Service license. The information included name, address, social security number, driver’s license, phone number, date of birth of the applicants. Although there has been no report of misuse of PII, yet the county offered one year credit monitoring services of Experian to the affected people as a precaution.

Source: California Attorney General

 Healthcare

September 26, 2016 – One worker at Yale- New Haven Hospital and her friend were arrested for illegally procuring classified personal information of at least 20 near death patients and using the stolen data to obtain credit cards, becoming beneficiaries in their insurances among other planned crimes. This had been going on for two years before they were caught. A year’s credit monitoring has been offered to the victims.

Source: Media: News 3

August 12, 2016 – Bon Secours Health System disclosed that R-C Healthcare Management, a third-party vendor managing their Medicare and Medicaid reimbursement, accidentally left patients’ files accessible over the internet while updating network settings. About 665,000 records containing patient name, health insurer’s name, health insurance identification number, social security number and some health information was exposed to the general public. A forensic investigator was hired to correctly identify people that were affected by this breach and then informed about the incident. 435,000 were from Virginia and the rest were from Kentucky and South Carolina. No misuse of the exposed data has been reported so far.

Source: Media: http://www.nbcconnecticut.com/

Business

September 22, 2016 – Premier America Credit Union, California, reported that a departing employee sent an account list containing name, address and maybe social security and/or employer Identification number to his personal email address for most likely solicitation purposes in future. The employee was reminded of his obligations and company regulations and advised not to use any of this information for any purpose. The management further offered complimentary one year credit monitoring services of Experian to the victims.

Source: California Attorney General
August 8, 2016 – 7-Eleven reported that in June 2016 during a regular maintenance cycle some of the franchisees received the records of employees other than their own franchisee’s employees. The exposed information contained name, address, phone number and social security number of 7,820 employees. The correction was completed within 5 days. 7-Eleven offered 12 months of First Watch Technologies’ professional identity monitoring service to the victims in addition to $1,000,000.00 in identity theft insurance with no deductible.

Source: California Attorney General