During the first quarter of 2016, a total of 227 data breaches were reported, with 6,214,514 records compromised. Many of the reported breaches did not disclose the number of records affected, so the figures may seem low for the first quarter. We anticipate that as the weeks progress, the numbers will be revealed and will be included in future reports.
Our report incorporates the following areas:
– 6 breaches reported / 4,382 records compromised
Representing only 2.6% of the total breaches reported, it is the smallest category of total breaches and records compromised through March 31st, 2016. Only 2 institutions reported the number of records affected, so numbers may seem small. In March, Wells Fargo ATMs in California are the latest casualty reported, with no numbers of exposed records yet released.
– 8 breaches reported / 102,459 records compromised
Representing only 3.5% of the total breaches reported through March 2016, the government/military category has had only one data breach reported since the significant breach that hit the Department of Homeland Security/FBI and the IRS in January/February of this year. The Department of Human Services in Iowa is the only breach in this category reported, with 425 records exposed.
– 22 breaches reported / 311,721 records compromised
The education market has seen an 83% increase in data breaches in the last two months, but the number of records affected remains low compared to other categories. Education represents 9.7% of all reported data breaches. Hardest hit are state universities, with Illinois State and Kentucky State the latest casualties on the data breach list. School districts are the second most frequently hit education category this year, but not all numbers are reported. Community colleges and high schools are also on the list for March, so it appears all areas of education have been touched.
– 87 breaches reported / 3,879,043 records compromised
The number of breaches in the medical/healthcare field has increased 164% since January/February figures. While this category reports fewer breaches than the Business category, it still has the largest number of records compromised and represents 38.3% of all data breaches. The largest breach this quarter was 21st Century Oncology in Florida, where 2,200,000 current and former patient records were copied and stolen when a hacker gained access to the patient database through the network server. Hacking and unauthorized access to network servers appear to be the reason behind over 50% of data breaches in the medical/healthcare field. A smaller percentage is from improper disposal of paper/films, theft, and loss of electronic devices.
Smaller private practices in dental, eye, and podiatry offices are now added to the breach list along with larger health care providers, clinics, and hospitals, which are still in huge demand by hackers. The March attacks on Wal Mart and Walgreens pharmacies in Illinois demonstrate that no health care provider – big or small – is immune to hacker attacks that steal private information to sell on the black market.
– 104 breaches reported / 1,916,909 records compromised
The business category continues to increase by a shocking 181% from January/February statistics, now representing the largest percentage (45.8%) of data breaches reported. Verizon Enterprise Solutions was breached late in March, exposing over 1.5 million customer records, which are now being advertised for sale in the underground market.
In the first quarter of 2016, we saw a significant shift in hacker strategy, moving away from the big-box retailers to a more consolidated approach against telecommunications. New technologies have been readily accepted by businesses as ways to improve productivity and increase profit margins, and nearly 80% of all businesses are using at least one cloud application today. As a result, data backup and recovery service companies are beginning to see the negative consequences of hacker activity. Acronis, Inc., Actifio, Seagate, and Netcracker Technology all reported data breaches in March. Adding to the list of technology-related breaches are software companies like Adreima (healthcare software), Applied Systems (insurance software), Lanyon (event management), Information Innovators, and Pivotal Software. Companies that provide TV, Internet, phone and home security services, like Cox Communications and GCI, were also breached in the month of March.
Often, a data breach is the result of a “phishing” scam, where an unknown third party sends an email impersonating another employee, or even a CEO as in the case of Pivotal Software. The fraudulent message looks like a legitimate email requesting personal information about employees, and the employee unknowingly sends it, only to have the message retrieved by a hacker. Phishing scams can also come in the form of a link or a picture sent by a friend. A data breach like this can sit undetected for months, causing irreparable damage to the business owner.
For more information on data breaches in 2016, visit Identity Theft Resource Center.
One way to reduce the risk of a data breach is to conduct a thorough network security audit. An annual audit is a cost-effective way to protect your data, your reputation, and your customers. Contact Net56 for more information and a free quote.