Research and Statistics

Data breaches dropped in 2018, but more personal information was exposed


The number of data breaches dropped 24 percent in 2018, but the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

In 2017, the number of U.S. data breaches rose to an all-time high of more than 1,600 incidents. So 2018’s count of almost a quarter fewer breaches would seem to be good news.

But where the latest reading turns ominous is in the count of exposed consumer records containing sensitive personal information. While the tally of breaches dropped 24 percent in 2018, the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.

The data come from the nonprofit Identity Theft Resource Center, which publishes its “End-of-Year Data Breach Report” every January.

See related: Marriott data breach exposes 500 million guests’ information

In 2017, 1,632 breaches compromised 197.6 million consumer records with sensitive personal information, for an average of about 121,000 records per breach. Compare that with 2018’s wildly more prolific breaches, in which just 1,244 incidents exposed 446.5 million sensitive records.

That drives the new average up to almost 359,000 records per breach.

The ITRC also found an additional 1.68 billion non-sensitive records were exposed in 2018. While email-related credentials are not classified as sensitive personally identifiable information, many consumers re-use the same username, email and password combinations, so exposures even of this less sensitive data still pose a serious vulnerability threat.

The ITRC has been tracking publicly reported data breaches and the number of exposed records containing personally identifiable information since 2005, confirming the data by the breached entities themselves, various media sources and notification lists from government agencies. Its 2018 year-end report was released Jan. 28.


Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Research and Statistics

Parents pass on their financial attitudes and beliefs about debt to children

A growing body of research finds parents’ financial beliefs and behaviors often have a profound effect on children’s financial outcomes.

See more stories
Credit Card Rate Report Updated: July 29th, 2020
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.