What Types of Data are Stolen the Most? And How?

The broad term "data breach" is spouted regularly in the news, in company communications, and in financial and health care forums. Although this umbrella term was used before the digital age; since then, it has evolved from niche discussions to ubiquity.

Data Breaches in the Digital Age

Many experts consider 2005 as the starting point for recording digital data breaches, as that year marked a shift in the volume of hard copy versus digital content. It was also the year that digital data breaches were becoming common enough for organizations like the Privacy Rights Clearinghouse to start tracking them. According to the organization, 136 data breaches were reported that year. Since 2005, the Privacy Rights Clearinghouse cites 5,428 data breaches, with the most breaches in a given year happening in 2016.

What Types of Data are Stolen?

The massive volume of digital content today makes huge breaches more possible than ever. The main target of attackers? “Worldwide, identity theft is the most common type of data breach incident, accounting for 59 percent of all global data breach incidents in 2016.” (Source: Statista.com). The largest breach to date was hackers’ 2013 theft of 1 billion Yahoo users’ information. The identity data most attackers are looking for include:

  • Birth dates
  • Social Security numbers
  • Telephone numbers
  • Email addresses
  • Bank account numbers
  • User names
  • Mailing addresses
  • Clinical and claims information

How Data Is Stolen

Attackers use all sorts of methods to infiltrate systems and gain access to sensitive data:

  • Payment card fraud (e.g., skimming devices at point-of-service terminals)
  • Insider attacks in which someone with legitimate access intentionally compromises the system or network
  • Hacking remotely or via malware
  • Lost, discarded, or stolen devices, including laptops, CDs, memory sticks, smartphones, etc.
  • Unintended disclosure, in which sensitive information is accidentally put into the hands of attackers (e.g., mishandled data or data sent as a result of a phishing scam)

Most of the largest breaches have been the result of hacker attacks, in which attackers bypass network security remotely to access a computer or network.

Shore-Up to Avoid Breaches

As the number of security incidents and data breaches continues to rise, effective security best practices become even more crucial. The need for around-the-clock, year-round network security monitoring has become an absolute necessity to safeguard your critical data—and if your internal resources fall short or you want to shore-up your security posture, consider an experienced and proven third-party security provider to ensure your organization isn’t the victim of the next big data breach.