Breach Barrage: The Most Targeted Vertical Might Surprise You
All Breached Out
It seems like almost every day the security industry is grappling with the fallout from yet another breach. So far this year, we have seen major breaches hit the health-care and federal government verticals in particular, but which vertical takes the cake for being the biggest hacker target? Using data and filings compiled by the Privacy Rights Clearinghouse, CRN has run the numbers on data breaches both big and small and figured out which vertical was hit the most this year. The verticals were ranked by number of breaches, as many companies don't disclose how many records were affected.
While health care and the federal government are obviously big targets right now, the answer of the most targeted vertical and how the industries stack up might surprise you. Take a look.
7. Nonprofit Organizations
Number of Breaches: 0
Records Stolen: 0
Nonprofit organizations were the only industry tracked by the Privacy Rights Clearinghouse that has been let off the hook so far this year by hackers. While that doesn't mean that they'll be breach-free by the end of the year, nonprofits are definitely off to a better security start so far this year.
6. Educational Institutions
Number of Breaches: 8
Records Stolen: More than 19,856
While education didn’t top the list of industries targeted by hackers, solution providers told CRN that they see a rising trend in targeted attacks on schools and higher education. In fact, security ratings company BitSight has ranked the industry as the worst-performing vertical overall, with a score of 550 out of a range from 250 to 900 (well below the 620 for health care, 630 for utilities, 670 for retail and 710 for finance). The reason the education vertical often struggles with security, solution providers said, is that budgets are lower and security measures often conflict with a culture of openness in higher education.
5. Government and Military
Number of Breaches: 8
Records Stolen: More than 21,600,845
While government was ranked fifth by number of breaches, it was hit by one of the largest and most serious data breaches of the year so far. The June news of two breaches at the Office of Personnel Management hit more than 21 million federal employees and contractors, exposing sensitive background information, including Social Security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history, and more.
4. Retail And Merchant
Number of Breaches: 9
Records Stolen: More than 100
Historically one of the more headline-grabbing verticals with breaches at Target, Home Depot and more, the retail and merchant industries landed in fourth place on most-hit verticals so far this year. Breaches this year include CVS Pharmacy, Starbucks, Sally Beauty Supply and Toys "R" Us. The number of records stolen is so low because only one retail company – CVS -- reported the number of records taken in its breach.
3. Financial And Insurance Services
Number of Breaches: 18
Records Stolen: More than 92,100,662
This category includes some of this year's biggest data breaches, including major insurance breaches at Anthem, Premera and CareFirst. While banks were still hit, a large portion of the 18 data breaches in this category was on insurance services, particularly in the health-care space. In targeting those businesses, hackers gained access to health-care records, which fetch a valuable price on the black market compared to credit card data and often include sensitive personal information for future attacks.
2. Health-Care And Medical Providers
Number of Breaches: 14
Records Stolen: More than 4,653,570
Given the high price tag hackers can claim for health-care records on the black market, it is no wonder that health-care and medical providers were the No. 2 most targeted vertical. Companies hit included the UCLA Health System, UC Irvine Medical Center and Advantage Dental. However, from a records point of view, the vertical was not hit as hard as the insurance companies that hold a much greater database of those records.
1. Other
Number of Breaches: 30
Records Stolen: More than 40,586,166
Falling into the "other" category are airlines, law firms, hotels, sports teams, security vendors and more. It also included the prominent hack of so-called cheating website Ashley Madison, which compromised 37 million records. While not a strict vertical, the "other" category took the crown for most number of breaches, illustrating the point that many solution providers make, which is that no industry is immune to attacks.