2016 Data Breach by Industry Fact Sheet

Since 2005, there have been 5,045 reported data breaches, an average of 420 per year, affecting over 900 million records (260,000 records per day).

Data Breaches by Industry Type

  • Businesses – Financial and Insurance Services
    Since 2005 – 641 data breaches / 379 million records
  • Businesses – Retail/Merchant
    Since 2005 – 552 data breaches / 257 million records
  • Businesses – Other
    Since 2005 – 777 data breaches / 22 million records
  • Educational Institutions
    Since 2005 – 775 data breaches / 15 million records
  • Government and Military
    Since 2005 – 726 data breaches / 178 million records
  • Healthcare – Medical Providers
    Since 2005 – 1,464 data breaches / 48 million records
  • Nonprofit
    Since 2005 – 107 data breaches / 2 million records

Types of Data Breach Events

  • Hacking or malware (HACK) – Electronic entry by an outside party, malware or spyware.
  • Insider (INSD) – Someone with legitimate access, such as an employee or contractor, intentionally breaches information.
  • Payment Card Fraud (CARD) – Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals.
  • Physical loss (PHYS) – Lost, discarded or stolen non-electronic records, such as paper documents.
  • Portable device (PORT) – Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
  • Stationary device (STAT) – Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility.
  • Unintended disclosure (DISC) – Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
  • Unknown or other (UNKN)

Source: Privacy Rights Clearinghouse, August 12, 2016 – https://www.privacyrights.org/data-breach/new