Last week’s Citi Bike data breach caused quite a flurry, exposing 1,174 pieces of user data after a technical glitch; like a hurricane, the story broke, caused confusion and chaos, and then just as quickly died down. In relative terms, the Citi Bike breach is a small one. However, one of the most surprising elements of this breach were the public comments which expressed outrage at the banks, credit card companies, even the government.
But the reality is: this was a business breach. Citi Bike, a New York City bike sharing program, is owned and operated by NYC Bike Share LLC. While Citibank provided funding for this endeavor, it does not manage the activities of Citi Bike/NYC Bike Share LLC. And although the City of New York Department of Transportation is in partnership with Citi Bike/NYC Bike Share LLC, it was the responsibility of NYC Bike Share to protect the information.
With all these people up in arms about the financial industry reporting yet another breach, we think it’s important that consumers really know what they are up in arms about.
The Identity Theft Resource Center has done a year over year analysis of data breach trends and found some interesting information. The following is a synopsis of the trends in breaches since we have been measuring them, categorized by industry. We used the percentage of breaches for this evaluation. For additional numbers, or the raw numbers of breaches per category, see our full report.
- Banking/credit/financial has historically reflected lower percentages than other categories, averaging in the single digits at 8.9 over the past seven years. They have slowly crept down to an all- time low last year of 3.8% of the total that the ITRC captured. Citizens are so angry and upset at the banking industry, but really, they are by far the least offensive culprits.
- Business breaches grew steadily from 15% in 2005 to a spike of 47% in 2011. In the last two years they have crept downward with 36% last year and 32% in 2013 YTD. Historically businesses have been the highest percentage of breaches, until this year.
- Educational breaches have been trending steadily downward, reaching their lowest point of 9.8% in 2010. They climbed again to 14.1% in 2011, but have begun trending down again and are in the single digits so far this year.
- Government/Military breaches spiked early on in our reports, up to 30.5% in 2006. Government breaches have been trending downward every year since. They represent only 10.5% of breaches captured thus far this year.
- Medical breaches are really the story here. They stayed relatively static from 10.2% -14.8% from 2005-2009. They started climbing rapidly from 20.5%-34.7% from 2010-2012 and have continued to escalate rapidly. Currently they represent 44.6% of the breaches captured thus far this year and have overtaken business breaches as highest percentage.
The most important thing to remember about data breaches is that you should not panic if you receive a data breach notification letter. Chances are that you will receive one in your lifetime. Just because you receive such a notification doesn’t mean you are automatically a victim of identity theft. Unfortunately, it does increase your chances. Recent statics indicate that 1 in 4 data breach notification recipients will become a victim of identity theft.
If you do receive a breach notification letter, read it and take the proper steps to ensure its legitimacy, such as directly contacting the entity that sent the letter. Then follow the steps in the letter and realize that there are organizations, such as the ITRC, that you can turn to for unbiased, helpful information and advice.
The ITRC offers no-cost assistance to consumers and victims of identity theft. The ITRC has been compiling its breach list since 2005.