Data breaches dropped in 2018, but more personal information was exposed


The number of data breaches dropped 24 percent in 2018, but the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

In 2017, the number of U.S. data breaches rose to an all-time high of more than 1,600 incidents. So 2018’s count of almost a quarter fewer breaches would seem to be good news.

But where the latest reading turns ominous is in the count of exposed consumer records containing sensitive personal information. While the tally of breaches dropped 24 percent in 2018, the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.

The data come from the nonprofit Identity Theft Resource Center, which publishes its “End-of-Year Data Breach Report” every January.

See related: Marriott data breach exposes 500 million guests’ information

In 2017, 1,632 breaches compromised 197.6 million consumer records with sensitive personal information, for an average of about 121,000 records per breach. Compare that with 2018’s wildly more prolific breaches, in which just 1,244 incidents exposed 446.5 million sensitive records.

That drives the new average up to almost 359,000 records per breach.

The ITRC also found an additional 1.68 billion non-sensitive records were exposed in 2018. While email-related credentials are not classified as sensitive personally identifiable information, many consumers re-use the same username, email and password combinations, so exposures even of this less sensitive data still pose a serious vulnerability threat.

The ITRC has been tracking publicly reported data breaches and the number of exposed records containing personally identifiable information since 2005, confirming the data by the breached entities themselves, various media sources and notification lists from government agencies. Its 2018 year-end report was released Jan. 28.


Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more