Earlier this week, the U.S. House of Representatives Committee on Oversight and Government Reform issued a report on the massive data breach that hit the federal Office of Personnel Management (OPM) in 2014 and 2015 and resulted in the theft of more than 22 million records. The stolen records included the personnel files of 4.2 million former and current government employees, security background check information on 21.5 million individuals and fingerprint data on 5.6 million people.
There is some overlap among individuals whose records were stolen, which is why the total is more than 22 million rather than the sum of the three figures above.
The report scorches the OPM and concludes:
The longstanding failure of OPM’s leadership to implement basic cyber hygiene, such as maintaining current authorities to operate and employing strong multi-factor authentication, despite years of warnings from the Inspector General, represents a failure of culture and leadership, not technology. As OPM discovered in April 2015, tools were available that could have prevented the breaches, but OPM failed to leverage those tools to mitigate the agency’s extensive vulnerabilities.
As a result, tens of millions of federal employees and their families paid the price. Indeed, the damage done to the Intelligence Community will never be truly known. Due to the data breach at the OPM, adversaries are in possession of some of the most intimate and embarrassing details of the lives of individuals who our country trusts to protect our national security and its secrets.
The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 657 data breaches recorded this year through September 8, 2016, and that nearly 29 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 56 since ITRC’s report on August 16.
The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 657 data breaches reported so far for 2016 are about 15% above the number reported (571) for the same period last year. A total of more than 169 million records were exposed in 2015.
Here’s a rundown of the latest ITRC report:
- The medical/health care sector leads all sectors in the number of records compromised to date in 2016. The sector has posted 36.1% (237) of all data breaches to date this year. The number of records exposed in these breaches totaled nearly 13.5 million, or about 47% of the total so far in 2016.
- The government/military sector has suffered 47 data breaches so far this year, or 7.2% of the incidents. More than 12 million records have been compromised in the government/military sector to date in 2016, representing about 42.8% of the total number of records exposed.
- The business sector accounts for more than 2.5 million exposed records in 287 incidents. That represents 43.7% of the incidents, and 8.8% of the exposed records.
- The number of banking/credit/financial breaches totals 21 for the year to date, some 3.2% of the total number of breaches. These breaches involve nearly 5,300 records, less than 0.1% of the records exposed.
- The educational sector has seen 65 data breaches in 2016. The sector accounts for 9.9% of all breaches for the year and more than 400,000 exposed records, about 1.4% of the total so far this year.
Since beginning to track data breaches in 2005, ITRC had counted 6,467 breaches through August 2, 2016, involving nearly 880 million records.