Skip to main content

Half of US Adults Hit by Data Breaches in Past Year

No matter how strong your passwords may be or how carefully you monitor your online accounts, a large-scale data breach can expose your personal information and leave you right back at square one. A recent study suggests some troubling statistics: an estimated 47 percent of all American adults have been affected by data breaches over the last year.

The information comes from the Ponemon Institute, a research firm that studies privacy and data security, which compiled the information for CNNMoney. Through publicly revealed information and its own best guesses, the institute placed the number of American accounts affected by corporate data breaches in the last year at 432 million — a particularly damning statistic, since the entire population of the United States hovers around 314 million.

MORE: How to Protect Yourself from Data Breaches

By considering repeat accounts (obviously, many users had accounts at more than one data-breached site) and which accounts stored sensitive personal information, the Ponemon Institute concluded that in the past 12 months, cybercriminals got their hands on the personal information of at least 110 million American adults.

The Ponemon Institute drew attention to a number of disclosed high-profile breaches: 70 million Target customers, 33 million Adobe users, 4.6 million Snapchat fans, 3 million Michaels shoppers and 1.1 million Neiman Marcus patrons. (That doesn't include the 40 million credit-card numbers stolen from Target.)

Significant numbers of AOL's 120 million subscribers and eBay's 148 million bargain-hunters also suffered breaches, but neither company provided estimates of how many of their customers were affected. Those numbers weren't added to Ponemon's totals, implying that the real figures may be much higher.

A data breach, which occurs when sensitive or normally private information escapes its protections, either by accident or by the actions of  malicious hackers, can often compromise more than just login information, especially if the information includes Social Security numbers, account passwords or dates of birth. (The Target breach was relatively low-impact, exposing only names, addresses, email addresses and telephone numbers.)

Since user accounts are often tied with real names, family information and credit card numbers, an enterprising cybercriminal could use this information for identity theft, stalking or worse.

That said, not every data breach ends catastrophically. Most companies "hash" user passwords by running them through one-way mathematical algorithms before they're stored. This can give consumers enough time to change their login details before cybercriminals crack the hashes, if they figure them out at all.

The sad fact is that if you use major online services or retailers, there's a good chance that your account has been involved in a data breach at this point — or will be soon enough. Be sure to keep an eye on your email accounts, change your passwords frequently and never use the same password for more than one site.

Alternatively, pay for everything in cash, forego the Internet entirely and retreat into the woods for a hermitic life of quietude.

Follow Marshall Honorof @marshallhonorofand on Google+. Follow us @tomsguide, on Facebook and on Google+.

  • coolitic
    Doesn't take into account that most of those are the same people.
  • ultameca
    "Most companies "hash" user passwords by running them through one-way mathematical algorithms before they're stored."

    Do they really, I don't think most do... There have also been large corporations that failed too and most of the time you have no way of knowing if the company you are giving your data too is going to encrypt.

    Even if the company hashes the password they usually don't hash the information they collected from you.

    I think it's past time people started caring about the data being collected on them.