U.S. data breaches in 2015 dropped only slightly below 2014’s record high, with hacking incidents accounting for more than one-third of the breaches, according to a new survey.

Organizations reported 781 breaches last year, the Identity Theft Resource Center said, compared with 783 in 2014. The ITRC, supported by information security firm IDT911, has been tracking breaches since 2005.

Hacking incidents rose 8.4% to a nine-year high of 37.9% in 2015. The next largest category, employee error or negligence, accounted for 14.9% of breaches.

Other sources of compromised data included accidental email/Internet exposure (13.7%), insider theft (10.6%), physical theft (10.5%), and subcontractor/third party theft (9.0%).

“It is safe to assume that the actual number of breaches is much higher than what is reported,” Adam Levin, chairman of IDT911, said in a news release, noting that many breaches are not reported because businesses wish to avoid the financial dislocation, liability, and loss of goodwill that comes with disclosure and notification.

Of the five sectors the ITRC tracks, the business sector experienced the largest number of breaches (nearly 40%) for the first time since 2011. The health/medical sector came in second with 35.5% of breaches, while banking/credit/financial broke into the top three for the first time with 71 breaches (9.1% of the total), nearly double the number reported in 2014.

The ITRC also said there were 388 breaches involving Social Security numbers in 2015 and 160 involving debit/credit cards.

“The opportunities for thieves who possess Social Security Numbers are significantly greater and pose more consumer risk, not to mention more difficulty for the individual consumer when it comes to deployment of risk minimization techniques,” said Eva Velasquez, chief executive of the ITRC.