The Weekly Breach Breakdown Podcast by ITRC - First Half Data Breach Analysis - S2E20

Show Transcript

Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for July 9th, 2021. I’m James Lee and our podcast today is possible thanks to support from Experian.

Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to look at the data breach trends for the second quarter of this year and what they tell us about how we may end 2021.

First, a brief reminder of how the ITRC reports data. We only include information from US data events that are publicly reported. 

We report data compromises – which includes data breaches, data exposures (think cloud databases with no security), and data leaks – generally public information that is aggregated and used for a purpose other than that for which it was intended (think scraping information from social media sites that are sold for marketing lists or used for phishing attacks).

Now, let’s look at the key takeaways from this week’s ITRC First-Half 2021 Data Breach Analysis.

• Data compromises are up 38 percent over the first quarter and that puts us on a trajectory to end 2021 with a record level of compromises. Every month this year - except May - has seen data compromises higher than the month before. If this trend continues, we will exceed the all-time high number of compromises set in 2017: 1632 publicly reported data events.
• But, the number of people impacted by data compromises is down 20 percent quarter over quarter. That means we could end 2021 with fewer than 250M victims of ID compromises – that continues a trend away from mass collection of individual information that started in 2018.
• To be clear – we are on pace to have the highest number of data compromises ever…in the same year we could see the fewest number of people impacted since the all-time high was set in 2016.
• Data compromises are rising or flat pretty much across the board with half of the sectors tracked by the ITRC showing increases. 

Manufacturing & Utilities along with Professional Services are seeing significant increases while Healthcare and Retail are seeing data compromises drop. This shift reflects the broader trend of cybercriminals focusing their attention on critical infrastructure entities so important they cannot be allowed to remain offline and targets considered to be less-well defended…all in hopes of securing larger ransomware payments. 

• Phishing and Ransomware remain the #1 and #2 root causes of data compromises for Q2 and the first half of the year, but supply chain attacks continue to increase in volume, scale, and complexity. Attacks against vendors that give criminals access to many companies through a single data or security breach increased 19 percent in Q2. The 58 supply chain attacks through June 30th compares to the 70 malware related compromises for the year so far… which indicates that third-party risks are poised to surpass malware as the third most common root cause of data events by the end of this year. 
• In fact, just two days after the end of the second quarter, a major supply chain attack was launched against the cybersecurity provider Kaseya where cybercriminals demanded a record $70M in ransom to restore the operations of more than 1500 companies impacted by the attack. It’s not known if any personal information has been compromised, but we do know this early Q3 attack is an indication that cybercriminals are launching ever more sophisticated attacks that command larger and larger ransom payments

If you have questions about how to keep your personal information private and secure, visit idtheftcenter.org where you’ll find helpful tips and where you can download our First Half 2021 Data Breach Analysis. 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours. 

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast – the Fraudian Slip – and we’ll be back next week with another episode of the Weekly Breach Breakdown. Thanks for listening.