There were 351 publicly reported data breaches and 12 publicly reported data exposures in the first quarter of 2021. That represents a 12% increase compared to the fourth quarter of 2020. The number of individuals affected by the compromised data soared from 7.6 million in the fourth quarter of 2020 to 50.6 million in the just-completed quarter. That’s a jump of 564%.
Phishing and ransomware remain the top two root causes of data compromises, according to the Identity Theft Resource Center (ITRC) report released Wednesday. The most recent FBI Internet Crime Complaint Center (IC3) report indicates that phishing attacks generated the most complaints from individuals and businesses last year. A total of $1.8 billion in business losses was directly attributed to phishing.
Ransomware costs also increased in the quarter, according to the ITRC, which said last year that “Ransomware and phishing require less effort, are largely automated, and generate payouts that are much higher than taking over the accounts of individuals.” Some 44% of all attacks in 2020 were phishing and 18% were ransomware.
An increase this year in attacks on supply chain providers has affected some 7 million individuals, and the effects of a massive ransomware attack on IT services provider Blackbaud in 2020 continue to cause new data breaches. According to the ITRC, there were 62 new notices in the first quarter, affecting an estimated 146,000 individuals. More than 12.8 million individuals at 555 organizations have been affected by the Blackbaud attack.
Last year ended with reports of a supply chain attack on IT security provider SolarWinds. According to ITRC, no consumer data appears to have been stolen in the attack, but intellectual property and government information were compromised.
At least 30,000 U.S. small businesses, towns, cities and local governments have been attacked in 2021 through security in holes in Microsoft’s Exchange Server email software. Globally, the number of organizations attacked is likely double that number. So far there is no data on how many records were compromised, but ITRC believes that the attack could put millions of people and corporate intellectual properties at risk.
In the first quarter of 2021, 23 attacks on technology companies affected just over 4 million individuals, an increase of 64% in the number of attacks but a decline from 120.1 million individuals affected in the first quarter of 2020.
Affected individuals in the hospitality/leisure sector saw a decline of 100 times, from 5.2 million in the first quarter of last year to just 53,152 so far this year. More than twice as many people in the health care sector (3.2 million) were affected by data breaches and exposures this year than last (1.4 million).