The number of data breaches dropped 24 percent in 2018, but the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.
In 2017, the number of U.S. data breaches rose to an all-time high of more than 1,600 incidents. So 2018’s count of almost a quarter fewer breaches would seem to be good news.
But where the latest reading turns ominous is in the count of exposed consumer records containing sensitive personal information. While the tally of breaches dropped 24 percent in 2018, the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.
The data come from the nonprofit Identity Theft Resource Center, which publishes its “End-of-Year Data Breach Report” every January.
See related: Marriott data breach exposes 500 million guests’ information
In 2017, 1,632 breaches compromised 197.6 million consumer records with sensitive personal information, for an average of about 121,000 records per breach. Compare that with 2018’s wildly more prolific breaches, in which just 1,244 incidents exposed 446.5 million sensitive records.
That drives the new average up to almost 359,000 records per breach.
The ITRC also found an additional 1.68 billion non-sensitive records were exposed in 2018. While email-related credentials are not classified as sensitive personally identifiable information, many consumers re-use the same username, email and password combinations, so exposures even of this less sensitive data still pose a serious vulnerability threat.
The ITRC has been tracking publicly reported data breaches and the number of exposed records containing personally identifiable information since 2005, confirming the data by the breached entities themselves, various media sources and notification lists from government agencies. Its 2018 year-end report was released Jan. 28.