Although researchers found that the total number of data breaches had decreased by 23 percent from 2017 to 2018, it doesn't necessarily mean that change is on the horizon, especially since the amount of stolen records containing sensitive information spiked by 126 percent.
The industries with the most breaches include business, medical/health care, banking/financial, government/military and, lastly, education. The business industry saw a total of 571 reported breaches that exposed more than 415 million records in 2018. The same sector also held the number one spot in 2017 with 907 reported breaches that exposed more than 181 million records.
Notably, officials also found that data breaches captured 1.68 billion non-sensitive records, which included email addresses, passwords and usernames. Though such stolen information can be easily disregarded, it shouldn't be, as it can lead to serious ramifications.
"A consumer's identity is similar to that of a puzzle, and the more accurate pieces a thief has about someone, the more they can successfully represent that person," the report explains. "In addition, thieves can take non-sensitive [personally identifiable information] like email addresses and use high-tech software to ‘guess' the passwords for all accounts associated with this email."
"Once they have these credentials, they can change the password, lock the person out of their account and possibly obtain sensitive [personally identifiable information]," it adds.
The report notes that Marriott International had the highest number of reported sensitive records exposed in 2018, which impacted some 383 million people across the globe. In second place was Government Payment Service Inc. with 14 million, followed by airline Cathay Pacific with 9.4 million.
Eva Velasquez, chief executive of the ITRC, told the New York Times that "travel companies are a prime target of cyberthefts [because they have] highly sensitive, personally identifiable information." And this isn't likely to change, according to experts.
The ITRC also found that while the business sector had the largest amount of data breaches, it didn't exactly have the highest rate of exposure per breach. In fact, that title was given to the health care field, which exposed the records of nearly 10 million individuals. The majority of that data included protected health information, social security numbers, credit/debit card information and even DMV records.
"Medical identity theft is a very serious form of identity theft, and there's no real way to prevent it after a data breach," Pam Dixon, the executive director of the World Privacy Forum, told NBC News. "You'll go to your doctor, and suddenly there's all this new, fake and incorrect information in your health file."
"That can create some serious problems," Dixon stressed.
In an effort to minimize one's risk, experts have urged netizens to always use strong, unique passwords for online accounts, review financial statements and set up alerts on banking accounts and social media accounts for newly detected logins. As an added measure, some have also suggested the creation of a standby email that's only used for booking or purchasing things online, that way it's not directly tied to a work or personal email.
