Data breaches are on a record pace this year, both in the numberof breaches and records exposed, according to the San Diego-basedIdentity Theft Resource Center.

The ITRC defines a data breach as an incident in which an individual name plus aSocial Security number, driver's license number, medical record orfinancial record (credit/debit cards included) is potentially putat risk because of exposure.

The ITRC 2015 Breach Report is a compilation of data breaches confirmed by various media sources and/ornotification lists from state governmental agencies. Some breachesdo not have reported statistics yet or remain unconfirmed.

In 2014, the number of U.S. data breaches tracked by the ITRChit a record high of 783, with 85,611,528 confirmed recordsexposed. So far this year, as of June 30, the number of breachescaptured on the ITRC Breach Report totals 400 incidents with117,576,693 confirmed records at risk.

So far this year, the five industry sectors broken down by theITRC based on the number of breaches are: Business (40.3%),Medical/Healthcare (35%), Banking/Credit/Financial (10%),Educational (7.7%) and Government/Military (7.3%).

Based on the number of confirmed records, the industry breakdownis as follows: Medical/Healthcare (100,926,229),Government/Military (15,391,057), Educational (724,318),Banking/Credit/Financial (408,377) and Business (126,712).

The ITRC also reported a significant jump of about 85% in thenumber of breaches in the Banking/Credit/Financial sector comparedto the same period last year. The biggest credit union breach sofar this year took place at the $308 million, Winston-Salem,N.C.-based Piedmont Advantage Credit Union, which notified its46,000 members in early March that one of its laptops containingpersonal information, including Social Security numbers, wasmissing.

What follows are the worst breaches of 2015 so far, based on theconfirmed number of records exposed:

1. 78.8million records: In February at the Indianapolis,Ind.-based health insurer Anthem Inc., hackers obtained access to acorporate database reportedly containing personal information ofcurrent and former U.S. customers and employees. “Anthem was thetarget of a very sophisticated external cyberattack,” Joseph R.Swedish, president/CEO of Anthem Inc., said. A FAQ related to thebreach reported attackers gained unauthorized access to Anthem's ITsystem and obtained personal information from current and formermembers, such as their names, birthdays, medical IDs, SocialSecurity numbers, street addresses, email addresses and employmentinformation, including income data.

2. 11 million records: TheMountlake Terrace, Wash.-based Premera Blue Cross disclosed that anintrusion into its network might have resulted in the breach offinancial and medical records. It indicated that state-sponsoredespionage groups based in China might have been the culprits. In astatement posted on its website about the breach, the company saidit learned about the attack on Jan. 29, 2015. However, itsinvestigation revealed that the initial attack occurred on May 5,2014. “This incident affected Premera Blue Cross, Premera BlueCross Blue Shield of Alaska, and our affiliate brands Vivacity andConnexion Insurance Solutions, Inc.,” the company said.

3. 10 millionrecords: In June, a DHA statement blamed Chinesehackers for a breach that captured identifying informationbelonging to the Office of Personnel Management. Whileinvestigating the cyberattack on the information of about fourmillion federal employees, officials discovered “a separateintrusion into OPM systems that may have compromised informationrelated to the background investigations of current, former andprospective federal government employees, and other individuals forwhom a federal background investigation was conducted.” Reportsfrom Bloomberg and the Associated Press said hackers tapped into asmany as 14 million personal records, a number OPM would notconfirm, citing its continuing inquiry.

4. 1.1million records: In May, CareFirst BlueCrossBlueShield announced a cyberattack on its system that compromisedpast and current CareFirst members across the Mid-Atlantic region,where CareFirst is the largest payer, according to Reuters. Thecompromised information included individual member usernames forCareFirst's website, names, birth dates, emails and memberidentification numbers. The hackers did not acquire Social Securitynumbers, medical claims, or employment, credit card or financialinformation. Mandiant, a cybersecurity firm CareFirst hired toconduct a review, believes the attack occurred in June 2014. Thecyberattack appears to be a one-time breach.

5. 912,906records: The Georgia Department of Community Healthreported two separate incidents on March 2,2015.

6. 364,012records: On March 2, 2015, Auburn University inAuburn, Ala. became aware of the unintentional availability ofpersonal information belonging to certain current, former andprospective students beginning in September 2014. Auburn Universitycorrected the issue and retained independent forensics experts toidentify the scope of the disclosures.

7. 350,000 records: In January,the New York City-based Morgan Stanley fired an employee whoallegedly stole and posted data, including account numbers,belonging to as many as 350,000 wealth management customers. Thebank alerted law enforcement and found no evidence that customerslost any money, and said it detected account information for about900 clients on an external website and “promptly” removed it. Ahacking attack against JPMorgan Chase & Co. last yearcompromised personal information belonging to about 76 millionhouseholds.

8. 306,789records: In May, the South Bend, Ind.-based BeaconHealth System notified the media and affected patients that it wasthe subject of a sophisticated phishing attack. It said there wasno confirmation of any real or attempted misuse of personal orprotected health information. Beacon reported that unauthorizedindividuals gained access to Beacon employee email boxes, whichcontained the personal and protected health information of someindividuals, including patients.

9. 200,000records: In April, the Florida Department of EconomicOpportunity in Jacksonville reported one of its employees managedto access the Florida Department of Children and Families' FloridaACCESS system. The employee then obtained the names and socialsecurity numbers of more than 200,000 people in the DCFsystem.

10. 160,000records: In January, Metropolitan State University inSt. Paul, Minn. learned of a computer security intrusion and alikely data breach. The school investigated the scope of whatappeared to be unauthorized access to a university server thatcontained personal information belonging to faculty, staff andstudents. Updated reports disclosed that an Australian teenagerhacked the info via an SQL injection. The hacker may have accesseddata belonging to past and present students in December 2014. Theschool said this data included names, birth dates, contactinformation, grades and partial Social Securitynumbers.