The Weekly Breach Breakdown Podcast by ITRC - The ITRC Goes To Washington

Show Transcript

The ITRC Goes to Washington 

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for October 8th, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to look at the data breach trends for the third quarter of 2021 and we’re going to talk about a congressional hearing this week. That’s why we’re calling this episode – The ITRC Goes to Washington. Listen to the full episode on your preferred podcast platform.

On Wednesday, the U.S. Senate Committee on Commerce, Science, & Transportation met to hear from a panel of experts on how to enhance data privacy & security. The ITRC was invited to share the latest data breach trends and offer suggestions on how to reduce the cyberattacks that lead to data breaches that ultimately may lead to an identity crime. 

2021 Data Breach Trends & Q3 Analysis 

Committee Chair Maria Cantwell of Washington started the hearing by sharing the latest stats on data breaches, pulled directly from the ITRC’s Q3 Data Breach Analysis that had been issued just about two hours earlier. And here’s what the report concluded: 

• The number of data compromises publicly-reported this year have already exceeded the total number of events in 2021 by 17 percent.  

• The trendline continues to point to a record-breaking year for data compromises. We are only 238 data events away from the all-time high set in 2017. It’s highly likely we will see a new high-water mark between a combined 1700 to 1800 data breaches, data exposures, and data leaks compared to 15.  

• The number of victims increased in Q3 by ~160M individuals. That’s more than all victims in Q1 & Q2 combined. That’s a huge jump and it means a lot of people are at risk of an identity crime, but about 100M of those people are victims of a data exposure related to 20 organizations that did not secure their cloud databases.  Those are lower-risk events since the data had not been copied or removed from the database where it was stored. 

• Phishing is far and away the primary way criminals attack businesses & individuals. Ransomware is so pervasive, though, that the total number of data breaches related to a ransomware attack against an organization so far this year exceeds the total number of ALL types of data compromises last year. 

• There is a disturbing trend developing where organizations and state agencies are not sharing specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice in the past 12 months.  

• There is some good news in the latest data breach numbers: There have been no publicly reported data compromises in 2021 attributed to payment card skimming devices. If this trend continues, this will be the first year since chip & PIN payment cards were first introduced where they have been no reported data breaches caused by skimmers.  

3 Actions To Address Identity Crimes

The Senate also asked the ITRC for recommendations on how to address the interrelated issues of cyberattacks, data breaches, and identity crimes. We offered three actions that we believe will be helpful: 

• Better cybersecurity standards and practices that are enforceable 

• Better enforcement of laws and regulations 

• And, a better victim notification system  

We also suggested there also needs to be discussion around how to better support victims of identity crimes. 

October is Cybersecurity Awareness Month 

It’s Cybersecurity Awareness Month and the ITRC encourages you to take this time to learn how to protect yourself, your family, and friends from cyber and identity criminals. You’ll find a wealth of information on our website – idtheftcenter.org. Later this month we’ll release our first report on what happens to small businesses and solopreneurs when they suffer a cyber or identity crime. And in November, the ITRC will unveil a new website with new tools and ways to communicate with or team of identity advisors. 

On October 27, we’ll issue our very first Business Aftermath Report. As a companion to our longtime report on the impact of identity crimes on consumers, the Business Aftermath Report will look at what happens to small businesses and solopreneurs after a security breach, a data breach or both.  

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for another episode of the Weekly Breach Breakdown.