According to the Identity Theft Resource Center®, publicly-reported U.S. data compromises in Q1 2021 were up 12 percent (to 363) from Q4 2020. No big deal, right? But the number of individuals impacted is up 564 percent (51 million in Q1 2021 versus eight million in Q4 2020). That’s a huge jump and a lot of people affected by data breaches!
As covered by Sharon Nelson’s excellent Ride the Lightning blog, a primary reason for the gap in compromises and impacts is a 42 percent rise in the number of supply chain attacks compared to Q4 2020, a trend discussed in the ITRC’s 2020 Data Breach Report.
One hundred and thirty-seven (137) organizations reported being impacted by supply chain attacks in Q1 2021 at 27 different third-party vendors, including IT provider Accellion. The publicly reported supply chain attacks affected seven million people. Nineteen supply chain attack-related compromises were reported in Q4 2020.
More conclusions from the Q1 2021 report:
- Phishing and ransomware attacks continue to be the primary root causes of data compromises.
- The increase in data compromises and impacted individuals was also influenced by 59 data events reported in early Q1 2021 that occurred in late December 2020.
- The 2020 supply chain and ransomware attack against IT provider Blackbaud continues to result in new data breach notices; 62 new notices in Q1 2021 that impacted approximately 146,000 additional individuals. More than 12.8 million people at 555 organizations have now been affected by the attack first reported in mid-2020.
- The report reinforces the trends highlighted by the ITRC, the FBI, and various security vendors that point to a rise in cybercrimes focused on stealing company resources using personal information. “
As Sharon notes “the hits just keep on coming”. And it seems that those hits lead to more people affected by data breaches than ever. Who hasn’t been affected at this point?
So, what do you think? What is your organization doing to limit the number of people affected by data breaches? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.