281 Million People Hit by Data Leaks So Far in 2021

More than 160 million Americans were victimized by compromised data in the third quarter of this year. That’s more than the 121 million who had been victimized in the first six months of 2021.

Cyberattacks have been the primary cause of the compromised data, including 244 ransomware attacks so far this year, more than the 241 total ransomware attacks in 2019 and 2020, combined.

The data was reported Wednesday by the Identity Theft Resource Center (ITRC). So far in 2021, the total number of events leading to leaked data exceeds the 2020 total for the year by 17%. There have been 1,291 events in the first nine months of 2021, compared to 1,108 in all of 2020. More than 700 million user records were scraped from a LinkedIn database in June and those numbers are not included in the ITRC data.

Errors in configuring firewalls and cloud services have accounted for 57 incidents so far this year. By the end of the year, the 2021 total should easily surpass the 61 such incidents last year. The ITRC commented:

The dramatic rise in the number of victims was directly related to 26 instances where cloud databases were not secured. Six (6) cyberattacks against unsecured databases impacted ~48M victims. Twenty (20) organizations failed to secure a cloud database exposing the personal information of 99M individuals. Data exposures due to a system or human error are generally lower risk because there is no indication the information was accessed, copied, or removed from the exposed database.

ITRC also noted an increase in the failure of organizations and state agencies to report data breaches: “Withholding important information or failing to post notices on a timely basis may serve to prevent individuals from taking actions to protect their identities.”

If there’s a bright spot, it’s that there have been no reported incidents of credit card skimming devices so far this year. ITRC attributes the decline to the introduction of chip-enabled payment cards

The full ITRC report is available at the organization’s website.