Reported data breaches in the US during 2008 were up 47% on the previous year, to 656, of which 78 affected financial institutions, according to a study from the Identity Theft Resource Center (ITRC).
The ITRC breaks down its figures into five sectors - business, educational, government/military, health and financial/credit. Financial services accounted for the fewest number of breaches - 78, or 11.9% of the total.
"The financial, banking and credit industries have remained the most proactive groups in terms of data protection," says the ITRC.
The ITRC says at least 35.7 million records were potentially breached but the true figure is likely to be far higher because 41.9% of cases went unreported or undisclosed.
Financial services accounts for over 18.1 million compromised records, a huge 52.5% of the total. This is largely down to the biggest single breach last year, which saw BNY Mellon Shareowner Services losing around 12.5 million records - including social security numbers, names and addresses - when a box containing unencrypted customer data tapes went missing in transit in February.
In addition, RBS WorldPay was hit by a breach affecting 1.5 million records and Countrywide had two million compromised last year.
Most of the financial sector breaches were the result of hacking, followed by insider theft. Of all breaches across all sectors, 3.5% are attributable to hacking at financial firms, 2.4% to insider theft, 1.7% to data on the move, 0.8% to accidental exposure and 0.8% to subcontractors.
Electronic breaches account for 82.3% of the total, compared to 17.7% for paper. Despite this, just 2.4% of all breaches had encryption or other strong security methods in use and only 8.5% even had password protection.