October Data Breaches by Type
Unauthorized Access was identified as the primary type of breach incident, representing 42 percent of the overall number of breaches reported by the Identity Theft Resource Center in October, up 12 percent from September.
Hacking was the second most common method of breach, representing 32 percent of the overall total number of breaches in October, experiencing a fall of 14 percent from September. Phishing and ransomware/malware were the two most popular forms of hacking for October, both representing 36 percent of the total breaches categorized as hacking.
Employee Error/Negligence/Improper Disposal/Lost
Employee Error/Negligence/Improper Disposal/Lost was the third most common method of breach, representing 10 percent, up three percent from September followed by Physical Theft, ranked fourth, up eight percent from last month, and Accidental Exposure, down five percent from September.
October Data Breaches by Industry
The Business sector topped the list as the industry facing the most breaches in October for the fifth consecutive month, at 42 percent of the overall number of breaches. The Medical/Healthcare sector was the second highest industry with the most breaches representing 32 percent of the overall number of breaches identified in October, down seven percent from last month, followed by the Government/Military sector, representing 13 percent, up eight percent from September. Ranked as the fourth highest impacted industry, the Banking/Credit/Financial sector percentage doubled since last month representing 6 percent, and the Education sector was impacted the least this month with five percent of total breaches.
Unauthorized Access impacted the Education, Business, and Government/Military sectors the most representing 75, 49, and 36 percent of the sector respectively, while unauthorized access and hacking tied at 38 percent of the total breaches for the Medical/Healthcare sector. Hacking impacted the Banking/Credit/Financial sector the highest at 60 percent of the total breaches.
October Company Breach Highlights
The Pentagon – Department of Defense experienced a cyber-breach affecting U.S. military and civilian personnel in early October. Although an official for the Pentagon stated that no classified information was compromised, 30,000 workers may have had their personal information, travel records, and credit card data exposed.
The U.S. Centers for Medicare & Medicaid (CMS) agent and broker portal, which interacts with HealthCare.gov, was hacked in early October exposing 75,000 individual’s personal data including Social Security numbers, income, and citizenship or legal immigration status.
The Employees Retirement System of Texas learned of a security issue in their ERS OnLine portal which allowed 1.25 million members’ information to be visible to those who logged into the portal. Information exposed included first and last names, Social Security numbers, and ERS member identification numbers.
Hong Kong-based airline Cathay Pacific experienced a data breach affecting 9.4 million international passengers, including US consumers, when an unauthorized actor gained access to their network in March. Information accessed included: name, nationality, date of birth, phone number, email, address, passport number, frequent flyer membership number, customer service remarks and historical travel information.
Richfield Chamber of Commerce Can Help