Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for February 4th, 2022. I’m James Lee…and our podcast today is possible thanks to support from Experian.

Each week we look at the most recent events and trends related to data security and privacy. This week also happens to be Identity Theft Awareness Week…which follows last month’s Data Privacy Week. Among the reports issued these past two weeks was the ITRC’s own annual data breach report that shows a number of troubling, but not surprising trends, including a dramatic increase in the lack of transparency about data breaches.

Show Notes

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

True to Us 

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 4, 2022. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week also happens to be Identity Theft Awareness Week, which follows last month’s Data Privacy Week. Among the reports issued these past two weeks was the ITRC 2021 Data Breach Report, which shows several troubling but not surprising trends. The trends include a dramatic increase in the lack of transparency about data breaches

Shakespeare warned us about the dangers of withholding information in the trage-comedy Troilus and Cressida. Things didn’t turn out so well for Cressida, who believed that being honest was not the best policy, which gives rise to our episode title today: “Who shall be true to us. When we are so unsecret to ourselves?”   

ITRC 2021 Data Breach Report 

Let’s start with the basics in the ITRC 2021 Data Breach Report: 

There were 1,862 data compromises in 2021 compared to 1,108 in 2020. That’s not only a 68 percent year-over-year increase. It is also an all-time high number of publicly reported events that expose personal information. What’s more troubling is that 1,613 of the compromises were directly related to cyberattacks – those are true data breaches and would be a record for data compromises. The nature of these cyberattacks often means there are few options for an individual consumer to prevent their data from being compromised, which leads to frustration and inaction on the part of consumers.  

Ransomware attacks are on pace to become the number one root cause of data breaches that expose personal information by the end of 2022. Ransomware attacks are increasing because they are easy to execute, they’re highly lucrative, and it's very unlikely that ransomware operators will be caught or prosecuted. All things being equal, ransomware will surpass phishing by the end of this year as the number one root cause of identity compromises. 

 

The number of data breach notices that do not reveal the root cause of a compromise (607) has grown by more than 190 percent since 2020. Combine this statistic with the fact that every state has a different definition of personal information, a different trigger to determine if consumers are notified of a data compromise, when they are notified, and how they are notified. All of this combines to create an inefficient and ineffective system for notifying people when their personal information has been exposed, and they are at risk of identity fraud

One quick comparison to illustrate the point that tens of thousands of data breaches are going unreported: In the U.S., there are about five (5) data compromises reported each day. In the European Union, there are an average of 356 data breaches reported each day. In other words, there are more data breaches reported each day in Europe than there are in two months in the U.S. 

Key Takeaways from the ITRC 2021 Data Breach Report 

Overall, 2022 is likely to look a lot like 2021 based on the current trends. The one trend in the ITRC 2021 Data Breach Report that is somewhat hopeful is the fact that the number of individuals impacted continues to drop year over year. Identity criminals continue to focus on extorting cash from businesses and government agencies using consumer data rather than targeting consumers directly. Consumers are still at risk, and their data is still in high demand, but primarily as a means to attack an organization that limits the data sets targeted by identity criminals.   

We need a uniform notification system with a uniform definition of personal information and a common notice form that is easily understood and actionable by consumers. The resources available to assist victims should also be uniform. The bottom line is we need a system that treats every individual the same and ensures the same level of identity recovery support, irrespective of where they live, unlike the patchwork system we have today. 

Download the ITRC 2021 Data Breach Report 

Contact the ITRC 

If you want to learn more about how to protect your personal information or if you think you have been the victim of an identity crime or compromised, you can speak with an expert ITRC advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org  to get started. 

Be sure to listen to the latest episode of our sister podcast, The Fraudian Slip, where ITRC CEO Eva Velasquez visits with Kelly Slaughter of the Federal Trade Commission about Identity Theft Awareness Week

Thanks again to Experian for supporting the ITRC and this podcast. We will be back next week with another episode of the Weekly Breach Breakdown.  

Listen On

Also In Season 3