Arby's Data Breach Exposes 350,000 Records; 2017 Total Leaps Above 1 Million

The latest count from the Identity Theft Resource Center (ITRC) reports that there have been 144 data breaches recorded this year through February 14, 2017, and that over a million records have been exposed since the beginning of the year.

A point-of-sale malware attack on corporate-owned Arby’s restaurants added an estimated 350,000 compromised records to the total number of records exposed so far in 2017. Arby’s owns about 1,000 of its more than 3,300 U.S. stores. Not all the company-owned stores and none of the franchised stores were affected, according to the company.

According to a report from Brian Krebs, the data breach is believed to have occurred between October 25, 2016, and January 19, 2017. Arby’s says that the malware attack is now “fully contained and eradicated … on our point-of-sales systems.”

Krebs notes in his report that consumers are not liable for fraudulent charges on their credit or debit cards but that they must report the unauthorized transactions.

The medical/health care sector leads all sectors in the number of records compromised so far in 2017. The sector posted 31.9% (46) of all data breaches. The number of records exposed in these breaches totaled tops 630,000, or about 61.6% of the 2017 total.

The business sector accounts for nearly 350,000 exposed records in 64 incidents. That represents 44.4% of the incidents and 33.9% of the exposed records so far in 2017.

The educational sector has experienced 25 data breaches since the beginning of the year. The sector accounts for 17.4% of all breaches for the year and more than 20,000 exposed records, about 2.1% of the year’s total.

The government/military sector has suffered nine data breaches to date in 2017, representing about 2.4% of the total number of records exposed and 6.3% of the incidents. Over 24,000 records have been compromised in the government/military sector.

The number of banking/credit/financial sector has reported no breaches so far this year. The sector accounted for 52 data breaches in 2016, involving about 72,000 records, some 4.8% of the total number of breaches and about 0.2% of the records exposed for the year.

Since beginning to track data breaches in 2005, ITRC had counted 7,010 breaches through February 8, 2017, involving more than 888 million records.