Breaches in the banking/financial/credit category dropped by 73% so far this year, but breach incidents overall are on a record pace, according to the San Diego-based Identity Theft Resource Center.
As of May 24, 2016, the total on the 2016 ITRC Breach Report hit 420, up 22.1% over last year's record pace for the same period (344). This represents 12,151,764 million records.
Year over year, breaches in the education sector were up nearly 80% over 2015 figures, followed by the business sector, up 46.0%, and the medical/healthcare field, up 18.1%. The government/military sector continued to show a decline from last year's figures, down 16.7%.
Breaches in the five industry sectors broke down as follows: Business, 48.3%; medical/healthcare, 32.6%; educational, 11.9%; government/military, 4.8% and banking/credit/financial, 2.4%. Only 10 breaches have been reported in the banking sector so far.
Of the total breaches, nearly one-third involved CEO spear phishing, the ITRC pointed out. FBI officials recently issued a warning of a dramatic rise in business email compromises, in which perpetrators target internal employees with access to financial or sensitive employee data by impersonating executives, trusted individuals or vendors.
Another threat to organizations is ransomware.
The Sunnyvale, Calif.-based security firm Proofpoint's analysis of first quarter 2016 threats and trends revealed ransomware vaulted into the top ranks of cybercriminals' most preferred malware. Nearly one-quarter of document attachment-based email attacks in the first quarter featured the new Locky ransomware.
The ransomware threat also caught the attention of Congress. At an encryption hearing before a House subcommittee on Tuesday, Rep. Michael C. Burgess (R-Texas) said ransomware criminals should be "shot at sunrise."
"The comment that Mr. Burgess has made deserves special mention, especially in the light of a considerable increase in ransomware strikes in recent times and the need for strong internet security measures," the Clifton, N.J.-based Comodo wrote in a blog.
The cybersecurity firm added, "Ransomware, like other malware, can infect a system or a network without anyone getting a hint about it. Those affected would be forced to pay a ransom to get them out of this plight."
LinkedIn also responded to reports of a security issue with an emailed letter to members.
"On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach," the company wrote.
LinkedIn said the information involved included member email addresses, hashed passwords and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.
"We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach," LinkedIn wrote. "In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities."
LinkedIn said it has taken significant steps to strengthen account security since 2012. For example, it now uses salted hashes (a salt is random data used as an extra input) to store passwords and enables additional account security by offering members the option to use two-step verification.
"We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure," the letter said.