Blog

Anouncements & Updates

Data Breach Reports For 2016

The ITRC Breach Report includes information about confirmed data breaches from various media sources and government agencies. Breaches that could lead to identity theft are included on the list. 

What Is A Data Breach?

According to the ITRC, a data breach is an incident where any of the following information is put at risk along with a person's name:

  • Social Security number
  • Driver's license number
  • Medical records
  • Credit card numbers
  • Debit card numbers

Also, the ITRC finds data breaches that go beyond this information. For example, they often catch breaches that include a person's name along with online usernames, email addresses and passwords. 

Data Breach Reports

There are two types of reports posted online each week by the ITRC. They provide data about exposure events along with the year's totals, and more detailed reports are generated each quarter. Breaches are categorized in their reports as one of the following:

  • Business
  • Financial/Credit
  • Medical/Healthcare
  • Government/Military
  • Educational

Data Loss And Security Breaches

The ITRC stresses that not all data breaches are alike. In addition to their main categories, they use several sub-categories for classification. All of the categories include exposed personal identifying information that is not encrypted. These are the main categories of data loss tracked by the ITRC:

  • Hacking
  • Insider Theft
  • Subcontractor/Third Party
  • Data on the Move
  • Accidental Web/Internet Exposure
  • Employee Error/Negligence
  • Physical Theft

Breach Assessment

When a breach occurs, it is included in the report for the year or previous year in which the breach was publicized. To be published by the ITRC, the breach must have also been published by a radio station, television station or another reliable media source. If the ITRC is not certain about the media source's credibility, the breach will not be published. Most breaches have multiple sources reporting on them, and the ITRC includes links to all credible reporting sources. 

In some cases, the number of records exposed is not included, and the ITRC notes this fact if it applies. For encrypted records, the ITRC notes on the report that they do not consider it data exposure. Files classified as "password protected" are not considered encrypted and are usually included in breach reports.

Quantifying Data Breaches Today

The ITRC is commonly asked if there are more breaches today than there were in the past. Although the organization cannot provide a clear answer, they do tell people that more companies are reporting data breaches than they were in the past. Some companies admit to withholding information about data breaches in the past. With public pressure and more laws today, companies must report breaches. In their opinion, the ITRC also says that thieves seem to be stealing data more frequently today and in larger quantities. However, they emphasize that this is only their opinion based on observations and available information. 

Data breaches create major liabilities for companies. To learn more about insurance and data breaches, discuss concerns with an agent.

Frances Zettl