The five industry sectors broke down as follows:

• Business = 46.4%

• Medical/Healthcare = 33.5%

• Educational = 11.4%

• Government/Military = 5.8%

• Banking/Credit/Financial = 3%

The ITRC defined a data breach as an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) was potentially put at risk because of exposure.

The ITRC 2016 Breach Report is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. Some breaches did not have reported statistics yet or remained unconfirmed.

Following are the biggest 2016 U.S data breaches, based on confirmed, exposed personally identifiable information records.

Join us at the new Credit Union Times Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security .  This two-day conference is designed for credit union executives, board of directors and those responsible for your credit unions cyber security policy.    Register to attend and save $150.

1. Office of Child Support Enforcement: 5 Million Records

Hard drives and a personal laptop, possibly containing millions of SSNs, were taken from a federal building in Washington State in February. However, the breach wasn't reported until late March, prompting Congress to question the breach response actions taken by the U.S. Department of Health and Human Services.

2. 21st Century Oncology: 2.2 Million Records

In October 2015, a hacker gained access to a patient database in Florida containing insurance data and SSNs of patients. While the incident was not of the magnitude at Anthem, Excellus BCBS or Primera Blue Cross, it did rank as one of the largest healthcare data breaches of 2015. On March 4, 2016, a regulatory filing issued to the Securities and Exchange Commission indicated 2.2 million current and former patients potentially had their data copied and stolen.

3. Verizon Enterprise Solutions: 1.4 Million Records

In New Jersey, a B2B unit of the giant telecommunications firm Verizon, which often helps other companies respond to large data breaches, needed to investigate its own data breach involving the theft and resale of customer data. KrebsOnSecurity reported a prominent member of a closely guarded underground cybercrime forum posted a thread advertising the sale of a database containing the contact information on Verizon Enterprise customers.

4. Centene: 950,000 Records

The St. Louis-based payer misplaced six hard drives containing information of individuals who received laboratory services from 2009 to 2015, including names, addresses, birth dates, SSNs, member ID numbers, and health information. There was no financial or payment information stored on the hard drives, according to Centene.

5. Kroger / Equifax: 431,000 Records

Identity thieves stole tax and salary data from credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees. The nation's largest grocery chain by revenue is one of several Equifax customers similarly victimized this year. According to the letter dated May 5, thieves were able to access W-2 data simply by entering Kroger's employee default PIN at Equifax's online portal, which was nothing more than the last four digits of the employee's SSN and his or her four digit birth year.

6. California Correctional Health Care Services: 400,000 Records

On April 25, CCHCS identified a potential breach of PII and protected health information that occurred on Feb. 25 when robbers broke into a workforce member's automobile and stole an unencrypted laptop. The laptop was password protected in accordance with state protocol.

7. Baileys, Inc.: 250,000 Records

The outdoor equipment retailer notified its customers that an attacker may have stolen payment card information from the company website and that the length of the breach was longer than previously suspected, between Dec. 1, 2011 and Jan. 26, 2016. An examination by its security consultant revealed the theft involved 15,000 credit cards used to pay for purchases: Nearly 25% MasterCard cards, 64% Visa cards and less than 5% and 6% American Express and Discover cards, respectively.

8. Premier Healthcare: 205,748 Records

The Bloomington, Ind., healthcare provider discovered a laptop stolen from the billing department's locked and alarmed administrative office on Jan. 4. The laptop was password protected, but not encrypted. Emails stored on the laptop's hard drive contained some screenshots, spreadsheets and PDF documents used to address billing issues with patients, insurance companies, and other healthcare providers.

9. Southern New Hampshire University: 140,000 Records

This breach was discovered by researcher Chris Vickery shortly before Christmas 2015 but the investigation carried over to 2016. The exposed SNHU database contained student names, email addresses and IDs, as well as other class-related details such as course name, course section, assignment details and assignment score. The database also contains instructor names and email addresses.

10. IRS: 101,000 Records

The January 2016 assault, reported in February, took place after attackers previously gained access to the SSNs of 464,000 people, according to the IRS. This time hackers cracked an automated system, which generated additional e-filing PIN numbers.

Join us at the new Credit Union Times Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security .  This two-day conference is designed for credit union executives, board of directors and those responsible for your credit unions cyber security policy.    Register to attend and save $150.