Number of Records Compromised in U.S. Data Breaches Nears All-Time High While Nearly 90 percent Included Victims’ SSNs
Nearly 1,600 data breaches occurred in the United States in 2017, breaking the annual record of 1,093 that was set just last year. The number of compromised data records, of which 88 percent included Social Security Numbers and 8 percent included payment card numbers, increased to nearly 180 million, the highest total since 2009.
For more than a decade the Identity Theft Resource Center (ITRC) has tallied the number of data breaches and compromised data records in the United States with an extensive year-end report. The ITRC’s 2017 Annual Data Breach Year-End Review showed a continuing trend in that the number of data breaches increased for the third consecutive year, while this has now reached an all-time high at 1,579 confirmed breaches. Prior to 2016, there had been no more than 783 data breaches in a given year, before surpassing the 1,000-mark that year and continuing to ascend beyond 1,500 in 2017.
Although suffering more than 1,000 data breaches in 2016, the silver lining was that the number of compromised data records fell significantly compared to the previous two years. Unfortunately, this sudden drop in compromised identity data records was short-lived, as the number of stolen data records leaped back to 178.9 million records in 2017. This marks the second-highest annual number of data breach records in the U.S. and the most compromised identities since 223 million were implicated in data breaches in 2009, when a Heartland Payment Systems data breach was responsible for 130 million.
The below chart shows the number of data breaches that occurred and the total number of records compromised each year from 2009 to 2017 as reported by the ITRC. While there is a clear upward trend in the number of data breaches over this time, the number of compromised data records fluctuates greatly. This is particularly true over the past three years, when stolen data records ballooned to 169 million in 2015 before falling to 36.6 million in 2016, and then increasing nearly five-fold in 2017.
Beyond understanding the number of data breaches that recently occurred and how many records were compromised, it is also important to consider what type of identity data was stolen. According to the ITRC, about 53 percent of data breaches involved Social Security Numbers while 19 percent of the data breaches that occurred in 2017 included credit or debit card numbers. Data breaches involving Social Security Numbers, however, plundered more loot. Looking at the total number of compromised data records, just 8 percent involved payment card numbers while more than 88 percent, nearly nine-in-ten, involved Social Security Numbers.
These figures imply there were more than 14.2 million payment card numbers compromised in the United States in 2017 and nearly 158 million Social Security Numbers, with these stolen identities being sold in the black market or used directly by fraudsters.
For more information: