The Identity Theft Resource Center® (ITRC), a nonprofit organization established to support victims of identity crime, will release its 16th Annual Data Breach Report, supported by Sontiq, a TransUnion company, at the Identity, Authentication, and the Road Ahead Policy Forum hosted by the Better Identity Coalition (BIC), FIDO Alliance and the ITRC.
According to the 2021 Annual Data Breach Report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020. The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.
The number of victims continues to decrease (down five (5) percent in 2021 compared to the previous year) as identity criminals focus more on specific data types rather than mass data acquisition. However, the number of consumers whose data was compromised multiple times per year remains alarmingly high. Other findings in the 2021 Annual Data Breach Report include:
- Ransomware-related data breaches have doubled in each of the past two years. At the current rate, ransomware attacks will surpass phishing as the number one root cause of data compromises in 2022.
- There were more cyberattack-related data compromises (1,603) in 2021 than all data compromises in 2020 (1,108).
- Compromises increased year-over-year (YoY) in every primary sector but one – Military – where there were no data breaches publicly disclosed. The Manufacturing & Utilities sector saw the largest percentage increase in data compromises at 217 percent over 2020.
- The number of data breach notices that do not reveal the root cause of a compromise (607) has grown by more than 190 percent since 2020.
“In 2021, we saw a shift in the identity crime space,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud. The number of breaches in 2021 was alarming. Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”
“There is no reason to believe the level of data compromises will suddenly decline in 2022. As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber-hygiene to protect themselves and their loved ones from these crimes.”
Later in Q1 2022, the ITRC will launch a free alert service for consumers where individuals can create a list of companies with which they do business. If an organization on the list is added to our notified data compromise database, a subscriber will receive an email alert.
Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.
