Salted Hash reports:
In the first quarter of 2016, at least 41 organizations were victimized by BEC attacks, but that number is closer to 70 when additional disclosures are counted. Some organizations were successfully hit earlier in the year, but only just recently discovered the problem, delaying notification.
Read more on Salted Hash. The numbers are actually even higher than what they report. My current scratch list to keep track of such reports now stands at 99 incidents, and I expect we’ll continue to see more reports submitted to state attorneys general. Many of these incidents can be found in this site’s phishing category.