Data breaches declined sharply during the first half of 2021, says a report from Risked Based Security Inc. The number of publicly reported data breaches during the first six months of 2021 totaled 1,767, down 24% from the same period in 2020. At the same time, the number of sensitive or confidential records exposed in data breaches totaled 18.8 million, a 32% decline from the first half of 2020.
Even so, the bulk of the decline occurred during the first quarter of the year, with just 934 breaches reported during the period.
Healthcare providers remain the primary target for hackers. The sector reported 238 breaches during the first half of the year. Healthcare has been at or near the top of the list of targets for hackers since 2017. Finance and insurance companies were the second most-targeted, totaling 194 breaches, followed by communications companies with 180 reported breaches.
Names were the most frequently targeted piece of information, representing 61% of the data types lost in breaches during the first half of 2021, compared to 45% a year earlier and 28% during the first half of 2019. Social Security Numbers were the second most stolen pieces of data, accounting for 38% of data types lost in breaches, compared to 27% in 2020 and 15% in 2019.
While hackers have been focusing on pilfering names and Social Security Numbers, they are focusing less on stealing email addresses. These represented 17% of the data types stolen during the first half of the year, compared to 40% in 2020 and fully 67% in 2019.
“The randomness of data pilfered during ransomware attacks and the hodgepodge of information that resides in email accounts, coupled with fewer-than-expected data leaks containing access credentials, is having an impact on the types of data exposed,” says the report. “In fact, the number of breaches exposing email addresses coupled with passwords has dropped to its lowest level in three years.”
The report continues, “While that may sound like good news on the surface, the amount of email addresses and passwords exposed remains stubbornly high. In the first half of the year, over 16 billion passwords along with email addresses were compromised. Despite the small number of breaches that exposed access credentials, there is still an astounding amount of this data available.”
One disturbing trend that emerged during the first half of 2021 is that, despite the decrease in breaches, the severity of each intrusion is rising. The average breach severity score during the first quarter of 2021 was 5.6, compared to 4.8 during the same period in 2020. During the second quarter, the average breach severity score was 5.5, the same as it was during the second quarter of 2020. Overall, breach severity scores have been rising since 2019, when the severity scores for the first and second quarter were 4.1. and 4.6, respectively, according to Risk Based Security.
As a result, breach severity and the number of breaches exposing large amounts of data remain troublesome trends, despite the decline in the overall number of breaches during the first half of the year, the report cautions.
“Breach severity is on the rise as demonstrated by both the average severity score and the number of breaches exposing large amounts of sensitive data, including two breaches exposing over 1 billion records,” the report says.