Data-compromise incidents hit an all-time high in 2021, totaling 1,862, up 23% from the previous record high of 1,506 in 2017, according to the Identity Theft Resource Center’s Annual Data Breach Report. On a year-over-year basis, the number of the compromises increased 68% in 2021, compared to 2020.
The number of breaches involving sensitive information, such as Social Security numbers, represented 83% of the overall number of compromises in 2021, compared to 80% in 2020. Despite the year-over-year over increase, the percentage of breaches involving sensitive information remains well below the all-time high of 95% set in 2017.
Cyberattacks are a primary cause for data compromises. Phishing, smishing—the act of committing text-message fraud to try to lure victims into revealing account information or installing malware—and business email compromise were the most frequently used attack vectors, accounting for 33% of all known cyberattacks attacks in 2021. Other, or non-specified attack vectors, were used in 27% of the attacks. The number of data breach notices that do not reveal the root cause of a compromise totaled 607 in 2021, a nearly two-fold increase since 2020.
Ransomware was the third most-used attack vector, accounting for 22% of the attacks. Ransomware-related data breaches have doubled in each of the past two years, according to the ITRC. At their current rate, ransomware attacks will surpass phishing as the number-one root cause of data compromises in 2022.
Overall, there were more cyberattack-related data compromises (1,603) in 2021 than all data compromises in 2020 (1,108).
“The number of breaches in 2021 was alarming,” Eva Velasquez, president and chief executive of the Identity Theft Resource Center, says in a prepared statement. “Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”
Given the increase in data compromises in 2021, there is no reason to believe the level of data compromises will suddenly decline in 2022, Velasquez says. “As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber-hygiene to protect themselves and their loved ones from these crimes,” she adds.