U.S. breaches are on a record pace, again, following a record-breaking 2016, according to a report from Providence, R.I.-based CyberScout (formerly IDT911) and San Diego-based Identity Theft Resource Center.

The number of U.S. data breaches tracked through June 30, 2017 hit a half-year high of 791. This represents a significant jump of 29% over 2016 figures during the same period. At this pace, ITRC anticipates the number of breaches could reach 1,500 in 2017, a 37% annual increase over 2016, when breaches reached a record high of 1,093 incidents. The breaches so far exposed 12,389,462 reported records.

The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) potentially puts people at risk of exposure.

The ITRC 2017 Breach Report is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

Some breaches did not have reported statistics yet or remained unconfirmed. The ITRC said 67% of data breach notifications or public notices did not report the number of records affected, a record high that represents an increase of 13% over the first half of 2016 and a major hike over the 10-year average of 43%, according to the ITRC.

“We have made progress in transparency regarding data breach notifications but this only goes so far when we do not have complete information. The number of records breached in a specific incident allows us to provide more insight into the scope of this problem, and is a necessary next step in our advocacy efforts,” Eva Velasquez, ITRC president/CEO, said.

Broken down by industry category, business tops the list:

  • Business = 61%

  • Medical/Healthcare = 24.3%

  • Educational = 8.7%

  • Banking/Credit/Financial = 4.2%

  • Government/Military = 1.7%

“Because breaches have become ubiquitous, it is incumbent upon organizations that suffer a compromise to be candid and provide as much information as possible, so that consumers will have the best opportunity to mitigate their personal consequences,” CyberScout Chairman Adam Levin said.

Hacking, which includes phishing, ransomware/malware and skimming, was the leading cause of data breaches in the first half of 2017. To date, 63% of the overall breaches involved hacking as the primary method of attack, an increase of 5% over 2016 figures. Within the hacking category, phishing was involved in nearly half (47.7%) of these attacks. Ransomware/malware, newly added in 2017, represents 18.5% of hacking attacks.

Matt Cullina, CEO of CyberScout, the report's sponsor, noted, “Cyberattacks that target businesses are continuing to rise, as hackers aim to steal the most sensitive personal data and demand payoffs in crippling ransomware attacks.”

Following are the top 11 U.S. data breaches of 2017 at the halfway point, based on confirmed, exposed personally identifiable information records.

1. America's Joblink Alliance: 4,800,000 Records

The information exposed included the names, Social Security numbers and birthdates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. According to the Idaho Department of Labor, the breach compromised as many as 4.8 million accounts nationwide. On February 20, according to AJL, a hacker created a new account, then exploited a vulnerability to access other job seekers' information. America's Job Link Alliance – Technical Support said in a statement that it first noticed unusual activity on March 12, and confirmed the breach on March 21.

2. Schoolzilla: 1.3 Million Records

A California student data warehouse platform, Schoolzilla, first acknowledged the breach on April 12 in a message on its website, which informed customers: “A well-known computer security researcher was doing a targeted analysis of Schoolzilla when he uncovered a file configuration error.” The exposed information included the names, addresses, birth dates and test scores of 14,000 current and former students in the Palo Alto school district and more than a million Social Security numbers of other individuals.

3. Washington State University – Social & Economic Sciences: One Million Records

The university learned about the theft of a locked safe containing a hard drive. Not all of the information on the drive was encrypted and the school determined the hard drive contained some personal information, including names and addresses.

4. HealthNow Networks: 918,000 Records

Patients who supplied sensitive information to HealthNow Networks, a Boca Raton, Fla.-based telemarketing organization providing medical supplies to seniors, had personal information exposed online for many months. The database contained a range of information including individuals' names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, health insurance information and medical conditions.

5. Med Center Health/Commonwealth Health Corp.: 697,000 Records?

The FBI continues its investigation of a breach that affected the PII of 160,000 patients serviced at some Med Center Health affiliates between 2011 and 2014. The data, exposed perhaps by a former employee, included billing information such as name, address, Social Security number, insurance information, and procedure codes. Whether the incident affected 697,800 individuals as listed or only 160,000 individuals, as the Med Center Health spokeswoman stated, the breach still ranks as one of the largest so far in 2017.

6. Alliance Direct Lending Corp.: 500,000 Records

Researchers discovered what appears to be customer-purchase information, including full names, addresses, FICO credit scores, vehicle information and the last four digits of Social Security numbers. Additionally, several leaked audio recordings contained conversations between the customers and lenders, both in Spanish and English. The “consent calls” included the customers' names, dates of birth, Social Security numbers and phone numbers.

7. Airway Oxygen, Inc.: 500,000 Records

On the evening of April 18, 2017, unidentified criminals gained access to the technical infrastructure and installed ransomware in order to deny Purity Cylinder and Airway Oxygen, two affiliated companies, access to their own data. The types of protected health information involved in the breach included some or all customer/end users and payment sources data including full name, home address, birth date, telephone number, diagnosis, the type of service provided, and health insurance policy numbers.

8. Arby's: 355,000 Records

According to cybersecurity expert Brian Krebs, sources at nearly a half-dozen banks and credit unions independently inquired in February about a data breach at Arby's, which told KrebsOnSecurity it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.

9. Urology Austin: 279,663 Records

On Jan. 22, 2017, Urology Austin was the victim of a ransomware attack that encrypted the data stored on its servers. The investigation indicated that personal information may have been impacted by the ransomware, including names, addresses, birthdates, Social Security numbers and medical information.

10. CoPilot Provider Support Services: 220,000 Records

The New York-based firm announced unauthorized access of one of its databases used by health care professionals and notified patients. Although CoPilot did not have evidence to suggest that any patient information was distributed or misused for purposes of identity theft or to cause financial harm, CoPilot notified patients out of caution.

11. IRS Data Retrieval Tool: 100,000 Records

The Internal Revenue Service Commissioner reported a breach of up to 100,000 taxpayers using an online tool to apply for federal student aid.
