Business Sector Continues as a Top Breach Target

The Business Sector at 42% of the overall number of breaches, topped the category list as the industry facing the most breaches in October, according to the Identity Theft Resource Center.

The San Diego-based ITRC reported this as the fifth consecutive month business topped the list of victims.  The Medical/Healthcare sector was the second highest industry with the most breaches representing 32% of the overall number of breaches identified in October, down 7% from the previous month, followed by the Government/Military sector, representing 13%, up 8% from September.

The percentage for Banking/Credit/Financial sector, ranked as the fourth highest affected industry, doubled since September representing 6%; hacking affected the Banking/Credit/Financial sector the highest at 60% of the total breaches. The Education sector was affected the least this month with 5% of total breaches.

The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format. The ITRC currently tracks seven categories of data loss methods:  Insider Theft, Hacking (which includes spearphishing, ransomware, and skimming), Data on the Move, Employee Error/Negligence/Improper Disposal/Lost, Accidental Web/Internet Exposure, Physical Theft and Unauthorized Access.

Unauthorized Access was the primary type of breach incident, representing 42% of the overall number of breaches reported by the ITRC in October, up 12% from September. The study also identified hacking as the second most common breach method, representing 32% of the overall total number of October breaches, experiencing a fall of 14% from September. Phishing and ransomware/malware were the two most prevalent forms of hacking for October, both representing 36% of the total breaches categorized as hacking.

Unauthorized Access affected the Education, Business, and Government/Military sectors the most representing 75, 49, and 36% of the sector respectively, while Unauthorized Access and Hacking tied at 38% of the total breaches for the Medical/Healthcare sector.

Employee error/negligence/improper disposal/lost was the third most common method of breach, representing 10%, up 3% from September followed by physical theft, ranked fourth, up 8% from the previous month, and accidental exposure, down 5% from September.

Among the notable October events:

• The Pentagon – Department of Defense experienced a cyberbreach affecting U.S. military and civilian personnel in early October. An official for the Pentagon stated that no classified information was compromised, but 30,000 workers may have had personal information, travel records, and credit card data exposed.
• The U.S. Centers for Medicare & Medicaid agent and broker portal, which interacts with HealthCare.gov, was hacked in early October exposing 75,000 individual’s personal data including Social Security numbers, income, and citizenship or legal immigration status.
• The Employees Retirement System of Texas learned of a security issue in their online portal, which allowed the exposure of 1.25 million members’ information. including first and last names, Social Security numbers, and ERS member identification numbers, to those who logged into the portal.
• Hong Kong-based airline Cathay Pacific experienced a data breach affecting 9.4 million international passengers, including U.S. consumers, when an unauthorized actor gained access to their network in March. Information accessed included: name, nationality, birthdate, email, address, number, customer service remarks, historical travel information, and. phone, frequent flyer, passport and membership numbers.