Fraudsters have caused 1,202 data breaches this year as of Nov. 29, up nearly 18% from the same period a year earlier, and they’ve exposed 172.4 million records, according to the latest figures from the Identity Theft Resource Center.
Some 156.4 million Social Security numbers were compromised in the breaches, accounting for nearly 91% of the exposed records, according to the San Diego-based non-profit that tracks data breaches, identity theft, and consumer scams. The vast majority came from the huge breach at credit-reporting agency Equifax Inc. that compromised about 145 million Social Security numbers in addition to 209,000 credit cards.
A total of 9.29 million credit and debit cards are known to have been exposed through 169 data breaches, according to the ITRC. Payment-card compromises accounted for 14% of all breaches and slightly more than 5% of the known records compromised.
The ITRC tracks publicly available information about breaches from media reports, filings made to state governments, and other sources. Many disclosures do not provide estimates of the number of records exposed, so the actual totals for cards and other records could be much higher than reported.
While the Equifax breach generated big headlines and prompted a Congressional inquiry, a recurring theme in this year’s breaches has been “spearphishing attacks going after tax information,” ITRC program director Karen Barney tells Digital Transactions News. Spearphishing is a highly targeted variant of phishing attacks in which fraudsters send emails or other communications to individuals trying to induce them to divulge sensitive financial and personal data. Tax information very often includes Social Security numbers.