Data breaches see slight decline after record year in 2021

Publicly-reported data compromises dipped slightly in the first half of the year and cybercriminals continued to shift attacks toward businesses, government agencies and institutions, according to a new report by the Identity Theft Resource Center.

The report on the first half of 2022 found 817 data compromises in the U.S., a 4% decrease compared to the same period in 2021, a record year for data breaches, exposures and leaks.

The number of victims declined 45% to 53.4 million, compared to the same period last year, according to the resource center, a nonprofit that tracks publicly-reported data compromises and provides free assistance to victims.

However, the report noted that about 39% of data breach notices did not list a victim count, so the true total number isn’t known.

Last year the number of data compromises was the highest since all U.S. states and territories adopted data breach notice laws, with the final two states doing so in 2018.

“Identity-related employment benefits fraud, never much of a problem prior to the pandemic, shot to the top of the list for most reported — and most costly — government benefits fraud,” said Eva C. Velasquez, president and CEO of the resource center.

“Rather than take control of existing financial accounts as in years past, identity criminals preferred to open new accounts using personal information stolen in data breaches or collected from individuals tricked into sharing information with criminals.”

An estimated 87% of data compromises in the first half of this year were due to cyberattacks.

“Ransomware attacks declined quarter-over-quarter for the first time since ransomware surpassed malware as the number two primary cause of data breaches in 2019,” according to the report.

Data compromises 2016-2022

| Year | Compromises | Victims |
|---|---|---|
| 2022 (January-June) | 817 | 53.4 million |
| 2021 | 1,862 | 298.1 million |
| 2020 | 1,108 | 310.2 million |
| 2019 | 1,279 | 883.6 million |
| 2018 | 1,175 | 2.2 billion |
| 2017 | 1,506 | 1.8 billion |
| 2016 | 1,088 | 2.5 billion |

Source: Publicly-reported data compromises compiled by the Identity Theft Resource Center

Ransomware is a type of malicious software that hackers use to infect a computer network, locking out the owner by encrypting the data. The hacker demands money in exchange for a key to restore access and for agreeing not to publicly release or destroy stolen data. Two prominent ransomware attacks in 2021 disrupted operations of Colonial Pipeline Co. and meatpacker JBS.

“Security researchers speculate that the sudden decline in ransomware attacks is due to a combination of factors, including the ongoing conflict in Ukraine and the collapse of cryptocurrencies favored by cybercriminals,” the report said.

Phishing, which is a fraudulent email or website masquerading as a legitimate business or person, remained the top root cause of data compromises in the first half.

Lax security protocols and stolen personal information, such as logins and passwords obtained through phishing or available on the dark web, allow cybercriminals to make their way into computers.

Data compromises in the first half included 802 breaches, where information was removed or misused. Ten cases were data exposures, where data was unsecured but there is no indication information was accessed, copied or removed. The type of compromise was unknown for five incidents.

Supply chain attacks continue to be favored by cybercriminals, the report said. These are hacks that start with one company but give hackers access to data or the ability to spread malicious code to customers of the original target company.

Supply chain attacks on 44 companies impacted 367 entities and 4.1 million individuals in the first half, the report said. In 10 cases the original attack occurred in 2020 or 2021.

One of those companies hit in 2022 was Illuminate Education, a California-based student-tracking software firm. So far 234 entities and 201,586 victims reported being impacted. But the resource center said data is still being collected and it is believed that the cyberattack affected more than 600 school districts.

“Our research shows that most people who receive a data breach notice struggle to understand what it means or what to do to protect themselves,” Velasquez said. “Supply chain attacks are even more complicated as the organization that was attacked and the entity that owned the data figure out who is responsible for issuing a notice or if one is required.”

Cybersecurity best practices

- Employee cybersecurity awareness training
- Install firewall and anti-virus software
- Replace equipment and software that is out-of-date
- Install security patches and updates immediately
- Do frequent and duplicative backups
- Have a written cyberattack response plan
- Install virtual private network
- Scan emails before they go to employees
- Change passwords frequently
- Use multi-factor authentication
