DATA BREACH REPORTS

September 30, 2019

CONTENTS

Information & Background on ITRC
Methodology
ITRC Data Breach Report
ITRC Breach Category Summary
ITRC Breach List

Information and Background on ITRC

without the total number of records exposed in the cumulative annual total. There are currently two ITRC breach reports which are updated and posted online on a weekly basis. The ITRC Breach Report presents detailed information about data exposure events along with running totals for a specific year. Breaches are broken down into five categories, as follows: business, banking/credit/financial, educational, Government/Military and medical/healthcare. The ITRC Breach Stats Report

- Social Security number
- Credit/Debit Card number
- Protected Health Information (PHI)
- DMV Records
- Financial Accounts
- Email/Password/User Name
- Other/Undefined Type of Records

Methodology

The ITRC breach list is a compilation of data breaches confirmed by various media sources or notification lists from state governmental agencies. This list is updated daily and published each Tuesday.

Breaches on this list typically have exposed information which could potentially lead to identity theft, including Social Security numbers, financial account information, or medical information. ITRC follows US Federal guidelines about what combination of personal information comprise a unique individual, and the exposure of which will constitute a data breach.

Records Reported

This field has been changed to more accurately reflect the circumstances surrounding the number of records exposed. The numeral "0" has been replaced with "Unknown", recognizing the number of records may have been reported to some other entity (i.e. government or law enforcement) but is not provided in the information available to the ITRC.

Breach categories

Business: This category encompasses retail services, hospitality and tourism, professional, trade, transportation, utilities, payment processors and other entities not included in the other four sectors. It also includes nonprofit organizations, industry associations, non-government social service providers, as well as life insurance companies and insurance brokers (non-medical).

Education: Any public or private educational facility, from pre-school through university level. This category does not include scholarship providers, after-school entities, or tutoring organizations.

Medical/Healthcare: Any medical covered entity (CE) or business associate (BA), as defined by HIPAA, in the healthcare industry. Also includes healthcare facilities and organizations which may be attached to schools and universities, and may include pharmaceutical manufacturers. Insurance companies may vary by industry - medical and long-term insurance providers will be classified as medical/healthcare. (Included on hhs.gov list.)

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. A "business associate" is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

Government/Military: Any city, county, state, national or military entity, or a department within one of these entities. In the event that a medical facility is also a government or military entity, it will be listed under Government/Military. Entities such as Veteran Association Medical Centers (VAMC) will be included in this sector.

Banking/Credit/Financial: This sector includes entities such as banks, credit unions, credit card companies, mortgage and loan brokers, financial services, investment firms and trust companies, payday lenders and pension funds, savings plans.

DoorDash Data Breach Compromised 4.9 Million Individuals' Personal Information

September Data Breaches by Industry

In September 2019 there was a total of 74 data breaches which exposed 1,556,644 sensitive records and 218,023,453 non-sensitive records. The Medical/Healthcare sector experienced the highest number of data breaches and the highest number of sensitive records exposed per sector.

| INDUSTRY | # OF BREACHES | # OF SENSITIVE RECORDS EXPOSED | # OF NON-SENSITIVE RECORDS EXPOSED |
|---|---|---|---|
| Medical/Healthcare | 33 | 1,168,127 | Unknown |
| Business | 23 | 370,456 | 218,008,253 |
| Government/Military | 13 | 15,310 | 15,200 |
| Education | 3 | 2,751 | Unknown |
| Banking/Credit/Financial | 2 | Unknown | Unknown |
| MONTHLY TOTALS: | 74 | 1,556,644 | 218,023,453 |

September Data Breaches by Method

Hacking was the most common breach method at 47 percent of the overall number of data breaches and 94 percent of the overall number of sensitive records exposed.

# OF DATA BREACHES PER METHOD PER INDUSTRY

| Method | Banking | Business | Education | Government | Medical | Totals |
|---|---|---|---|---|---|---|
| Hacking/Intrusion (includes Phishing, Ransomware/Malware and Skimming) | 0 | 6 | 0 | 10 | 19 | 35 |
| Unauthorized Access | 1 | 10 | 2 | 3 | 9 | 25 |
| Employee Error/Negligence/Improper Disposal/Lost | 2 | 0 | 0 | 0 | 2 | 4 |
| Accidental Web/Internet Exposure | 0 | 3 | 1 | 0 | 0 | 4 |
| Physical Theft | 0 | 1 | 0 | 0 | 2 | 3 |
| Insider Theft | 1 | 0 | 0 | 0 | 1 | 2 |
| Data on the Move | 0 | 1 | 0 | 0 | 0 | 1 |

Unauthorized Access was the second most common breach method and was responsible for 34 percent of the overall number of data breaches and 3 percent of the overall number of sensitive records exposed.

Hacking exposed 218 million non-sensitive records, almost 100 percent of the total number of non-sensitive records exposed in September.

| METHOD OF BREACH | # OF SENSITIVE RECORDS EXPOSED | # OF BREACHES |
|---|---|---|
| Hacking/Intrusion (includes Phishing, Ransomware/Malware and Skimming) | 1,458,150 | 35 |
| Unauthorized Access | 50,378 | 25 |
| Employee Error/Negligence/Improper Disposal/Lost | 19,615 | 4 |
| Accidental Web/Internet Exposure | 13,483 | 4 |
| Insider Theft | 6,300 | 2 |
| Physical Theft | 4,770 | 3 |
| Data on the Move | 3,948 | 1 |

Year-to-date Comparison

Compared to the previous months of 2019, breaches in September exposed the third-lowest number of sensitive records. September also had the lowest number of data breaches compared to months prior year-to-date.

Three Year Comparison

When comparing breaches in the month of September, year-over-year, for the past three years (2017-2019), the highest number of data breaches was in 2017. September 2019 had the lowest number of sensitive records exposed when compared to 2018 and 2017. The Business sector reported the highest number of data breaches in 2018 and 2017, while the Medical/Healthcare sector reported the highest number of data breaches in 2019. Hacking was the most common breach method for all three years.

| INDUSTRY | 2019 # of breaches | 2019 sensitive records exposed | 2018 # of breaches | 2018 sensitive records exposed | 2017 # of breaches | 2017 sensitive records exposed |
|---|---|---|---|---|---|---|
| Medical/Healthcare | 33 | 1,168,127 | 26 | 88,649 | 35 | 414,864 |
| Business | 23 | 370,456 | 29 | 649,304 | 67 | 104,335,299 |
| Government/Military | 13 | 15,310 | 6 | 14,000,000 | 4 | 30,337 |
| Education | 3 | 2,751 | 3 | 3,808 | 5 | 14,323 |
| Banking/Credit/Financial | 2 | Unknown | 2 | Unknown | 14 | 46,998 |

Identity Theft Resource Center

2019 Category Summary

How is this report produced? What are the rules? See below for details.

Report Date: 10/10/2019

Totals for Category: Banking/Credit/Financial
# of Breaches: 71    % of Breaches: 6.2%
# of Records: 100,436,121    % of Records: 62.4%

Totals for Category: Business
# of Breaches: 500    % of Breaches: 43.4%
# of Records: 17,101,170    % of Records: 10.6%

Totals for Category: Education
# of Breaches: 104    % of Breaches: 9.0%
# of Records: 2,248,578    % of Records: 1.4%

Totals for Category: Government/Military
# of Breaches: 73    % of Breaches: 6.3%
# of Records: 3,595,745    % of Records: 2.2%

Totals for Category: Medical/Healthcare
# of Breaches: 404    % of Breaches: 35.1%
# of Records: 37,552,446    % of Records: 23.3%

Totals for All Categories:
# of Breaches: 1152    % of Breaches: 100.0%
# of Records: 160,934,060    % of Records: 100.0%

2019 Breaches Identified by the ITRC as of: 10/10/2019

Total Breaches: 1,152 Records Exposed: 160,934,060

The Identity Theft Resource Center breach database is updated daily and published to our website weekly. A US-based breach, as identified by our current process, is considered public when one of these occurs:

1) Published by a credible source (sources include Offices of the Attorney General, and established media - TV news, radio, newspapers)
2) A letter notifying a potential victim has been received

ITRC will provide attribution of the source and include the relevant data to the extent that has been made public in our findings. If the number of records is not made publicly available, ITRC will note that in the report as "unknown", indicating we do not have the specifics of the actual number impacted. Identity Theft Resource Center reserves the right to make an educated estimate to the potential of impact based on our knowledge and understanding of the specifics of the policies of the reporting entity.

The ITRC would like to thank CyberScout for its financial support of the ITRC Breach Report, ITRC Breach Stats Report and all supplemental breach reports.

Copyright 2019 Identity Theft Resource Center
