Page 15 - End of Year 16 Page Booklet QTY 50

P. 15

ABOUT THE 2018 DATA BREACH REPORT

Since 2005, Identity Theft Resource Center has tracked publicly reported data breaches and the
number of records containing sensitive personally identifiable information (PII) exposed in each
data breach, confirmed by the breached entity itself, various media sources and/or notification
lists from government agencies. ITRC tracks breaches for entities that are located in or do business
in the United States impacting U.S. consumers. The methodology for tracking and reporting
information about data breaches stems from the fact that data breaches expose information that
can lead to identity theft, allowing ITRC to assist victims of these breaches and the potential of

subsequent identity theft with customized remediation plans.

» ITRC CURRENTLY TRACKS SEVEN CAUSES OF DATA COMPROMISE:
• Insider Theft
• Hacking/Computer Intrusion (includes Phishing, Ransomware/Malware and Skimming)
• Data on the Move

• Physical Theft
• Employee Error/Negligence/Improper Disposal/ Lost
• Accidental Web/Internet Exposure
• Unauthorized Access

The Identity Theft Resource Center currently tracks various types of information compromised,
including Social Security number (SSN); credit/debit card number; email/password/user ame;
protected health information (PHI); driver’s license; financial accounts; other/undefined type of

records.

Of note, when the number of records is not provided by the reporting entity, the ITRC will note
that the records were “unknown” (UNK) rather than include a possible inaccurate estimate based
on the known requirements to report the records exposed. This means that if we know that the
jurisdiction that the reporting entity is bound by requires that the breached entity report the
actual number above 500 and the number of records breached was less than that, we will not

provide a number unless it is reported by the breached entity. This factors into how we report the
total number of exposed records.

10 11 12 13 14 15 16