Breach, Data Security

Study: 432M hacked accounts in a year, large part of U.S. at risk


Over the last 12 months, approximately 110 million Americans have had their accounts hacked, a study has found.

The bleak figure was said to be a conservative estimate by the Ponemon Institute, which calculated the findings at the request of CNNMoney. According to the outlet, the number of hacked accounts among impacted Americans topped 432 million accounts during that time period.

CNNMoney reported the stats on Wednesday, taking into consideration data tracked by the Identity Theft Resource Center and its own analysis of “corporate disclosures.”

In a Friday interview with, Larry Ponemon, head of the Ponemon Institute, said that the organization came up with the statistic – 110 million Americans impacted and 432 million accounts hacked – by pouring over data breach findings collected since last May.  

“Not every person that is a victim of the Target breach, for instance, will become the victim of identity theft," Ponemon said. "But they are still victims,” he added, referring to the risk associated with exposed records.

The study focused on breaches that were the result of “criminal or malicious activity,” Ponemon said, not those induced by human error or system glitches.

Left out of the data set was eBay's massive breach announced last week, Ponemon added, which reportedly impacted as many as 145 million customers, whose names, addresses, phone numbers, dates of birth, email addresses and encrypted passwords, were exposed to attackers.

Ponemon continued, saying that the overlap of data breaches was another troubling consequence of such incidents.

“Collecting a lot of information about an individual is more valuable [for attackers],” Ponemon said. “They'll take the data, and wait patiently. Then, two or three years after the breach, [the impacted] become the victim of identity theft.”

In March, security research and advisory firm NSS Labs released a report examining the impact of repeated breaches on personally identifiable information (PII), specifically, data that is hard, or impossible, for victims to change.

The study noted that “static” data, such as Social Security numbers, dates of birth, and even physical addresses, are often stockpiled by criminals after breaches so that profiles are created using victims' leaked data.

That study found that the PII of around 319 million Americans had been “repeatedly compromised” in the decade's 10 largest breaches. NSS Labs also highlighted the fact that half of those major breaches occurred in 2013 alone.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.