top of page

Nearly 450 Million Consumer Records with PII Exposed in 2018

According to the Identity Theft Resource Center, who just released their 2018 End-of-Year Data Breach Report, the number of data breaches fell by nearly 25 percent compared to 2017, but the number of compromised records containing personally identifiable information (PII) more than doubled to 446.5 million.

Data breaches leading to compromised identity and payment information leads identity fraud, account takeover and eCommerce payment fraud. Account takeover continues to grow and fraudsters have seemingly endless lists of credentials at their disposal. This problem has been exacerbated by the fact that the supply of compromised identities, stolen payment cards and other credentials remains elevated from a constant barrage of data breaches.

Although the total number of data breaches declined in 2018, according to the Identity Theft Resource Center (ITRC), it was still the second highest number of data breaches reported in one year since the ITRC has been keeping track. More significant the number of breaches is the number of consumer records containing PII that were compromised in 2018: nearly 450 million.

Many of these compromised records came in large breaches, such as one impacting Marriot International implicating 383 million consumer records. Social media sites Facebook and Google Plus were responsible for data breaches compromising 50 million and 53 million users or accounts, respectively.

According to the ITRC’s 2018 End-of-Year Data Breach Report, 30 percent of data breaches resulted from unauthorized access, such as when an employee’s credentials have been compromised. Data breaches where most likely to be the result of hacking, which was associated with 39 percent of data breaches in 2018. Data breaches from unauthorized access nearly tripled from 2017 when it caused 11 percent of data breaches.

For more information:


bottom of page