The number of data breaches dropped 24 percent in 2018, but the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.
The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.
The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.
In 2017, the number of U.S. data breaches rose to an all-time high of more than 1,600 incidents. So 2018’s count of almost a quarter fewer breaches would seem to be good news.
But where the latest reading turns ominous is in the count of exposed consumer records containing sensitive personal information. While the tally of breaches dropped 24 percent in 2018, the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.
The data come from the nonprofit Identity Theft Resource Center, which publishes its “End-of-Year Data Breach Report” every January.
In 2017, 1,632 breaches compromised 197.6 million consumer records with sensitive personal information, for an average of about 121,000 records per breach. Compare that with 2018’s wildly more prolific breaches, in which just 1,244 incidents exposed 446.5 million sensitive records.
That drives the new average up to almost 359,000 records per breach.
The ITRC also found an additional 1.68 billion non-sensitive records were exposed in 2018. While email-related credentials are not classified as sensitive personally identifiable information, many consumers re-use the same username, email and password combinations, so exposures even of this less sensitive data still pose a serious vulnerability threat.
The ITRC has been tracking publicly reported data breaches and the number of exposed records containing personally identifiable information since 2005, confirming the data by the breached entities themselves, various media sources and notification lists from government agencies. Its 2018 year-end report was released Jan. 28.