2016 Summary of Compromises
2016 Compromises affecting 10,000 or more
2016 Compromises affecting less than 10,000
2016 Compromises affecting an unknown, or undisclosed number
2016 General Information
With over 3 billion compromises during the first ten months of 2016 we have exceeded double the almost 1.4 billion compromises of 2014 (chart). We’ve written often that exposures were not being disclosed. Disclosure is increasing and the real numbers being exposed are horrendous.
01/01/2016 to | 10/31/2016 | ACB= | 8,285,061 | |
All Types | Total | Non-Fin | Fin | Unknown |
Affected Count | 3,040,614,431 | 3,008,558,063 | 32.059.368 | ??? |
Incident Count | 857 | 367 | 16 | 474 |
Avg per incident | 3,547,978 | 8,197,706 | 2,003,711 | ??? |
% by # affected | 98.95% | 1.05% | ??? | |
% by incidents | 42.82% | 1.87% | 55.31% |
How many other breaches went un-reported? Remember over 95% (see 2 page PDF) US states and jurisdictions have a safe harbor rule such that if the data is encrypted (even if poorly encrypted) then you need not get told. See When do you get told your data was compromised?
In accounts affected and incident count non-financial compromises far outnumber financial accounts compromised. Why should you care? Because the compromised information can be used for identity theft which leads to financial problems that are not tracked by these breach reports. Any compromise of personally identifiable information (PII) is to be avoided.
Average Compromised per Breach (ACB) does not include incidents where the number compromised is unknown or undisclosed. A higher ACB means that, on average, more accounts were compromised in fewer incidents. Or, that the number of accounts compromised grew faster than the number of incidents.
In addition to sources cited above the Chronology of Data Base Breaches maintained by the Privacy Rights Clearinghouse was used. Their website is a valuable resource for those seeking information on basic privacy, identity theft, medical privacy and much more. They are highly recommended. We also recommend The Identity Theft Resource Center (ITRC).
2016 Compromises affecting 10,000 or more
2016 Compromises affecting less than 10,000
2016 Compromises affecting an unknown, or undisclosed number
2016 General Information
Return to References page
Return to Year Link page
Links above were active at the time they were gathered.
Why this is the last month we’re gathering data
In early October 2016 the editors shifted their attention to the US National Election. They expected to resume tracking at this level of detail, but the resources were no longer available. Based on the information gathered the editors are sadly confident that breaches will continue. “Breach fatigue” is so prevalent that breaches affecting millions rate little to no press especially as the media are engrossed on reporting matters affecting the world’s oldest democracy.