NEW YORK (CNNMoney) — Hackers have exposed the personal information of 110 million Americans — roughly half of the nation’s adults — in the last 12 months alone.
That massive number, tallied for CNNMoney by Ponemon Institute researchers, is made even more mind-boggling by the amount of hacked accounts: up to 432 million.
The exact number of exposed accounts is hard to pin down, because some companies — such as AOL and eBay — aren’t fully transparent about the details of their cyber breaches. But that’s the best estimate available with the data tracked by the Identity Theft Resource Center and CNNMoney’s own review of corporate disclosures.
The damage is real. Each record typically includes personal information, including your name, debit or credit card, email, phone number, birthday, password, security questions and physical address.
It’s enough to get hunted down by an abusive ex-spouse. It makes you an easier target for scams. And even if only basic information about you is stolen, that can easily be paired with stolen credit card data, empowering impostors.
Cyber attacks are growing so numerous that we’re becoming numb to them. Researchers at IT company Unisys say we’re now experiencing “data-breach fatigue.” Even the most recent numbers make for a dizzying list:
Seventy million Target customers’ personal information, plus 40 million credit and debit cards, 33 million Adobe user credentials, plus 3.2 million stolen credit and debit cards, 4.6 million Snapchat users’ account data, 3 million payment cards used at Michaels, 1.1 million cards from Neiman Marcus, “A significant number” of AOL’s 120 million account holders and potentially all of eBay’s 148 million customers’ credentials.
Why does this keep happening? Two things are going on at once.
First, we’re increasingly moving our lives online. Shopping, banking and socializing are now chiefly digital endeavors for many people. Stores rely on the Internet to conduct and process all transactions. As a result, your data is everywhere: on your phone, laptop, work PC, website servers and countless retailers’ computer networks.
Second, hacks are getting more sophisticated. Offensive hacking weapons are numerous and cheap. And hackers have learned to quietly roam inside corporate networks for years before setting off any alarms.
Remember the 1990s caricature of a typical hacker? Pierced, goth and malcontent? Forget it. The age of small-time rabble rousing has given way to large-scale theft with targeted, militaristic precision.
“Now attackers are very focused,” said Brendan Hannigan, who leads the security systems division at IBM. “There are teams of them, and they create malware to attack specific organizations.”
It doesn’t help that the security of the entire Internet relies on a few underfunded volunteers. Or that so many people use outdated software, such as Windows XP, which no longer receives security updates. That leads to pervasive problems like the Heartbleed bug or the recent Internet Explorer flaw that allowed attackers to take over your computer.
“It’s becoming more acute,” said Larry Ponemon, head of the Ponemon Institute. “If you’re not a data breach victim, you’re not paying attention.”
So, get accustomed to the hack of the month. In April, that was AOL. In May, it was eBay. Who what June will bring?