The number of data breaches publicly reported in 2021 in the U.S. have officially exceeded the numbers from 2020. On October 6, 2021, the Identity Theft Resource Center released its analysis and overall findings of the data breaches that have been publicly reported in the U.S. The Identity Theft Resource Center, otherwise known as the ITRC, is a national nonprofit organization that is nationally recognized for helping victims of identity crime.
The Identity Theft Resource Center's findings showed that the number of U.S. data breaches went down 9% in the third quarter of 2021 in comparison to the second quarter of 2021. In the third quarter, there were 446 breaches, whereas in the second quarter, there were 491 breaches.
While this seems like a positive direction, the reality is that the overall numbers of data breaches in 2021 have already exceeded the number of data breaches in 2020. With the year not yet over, the 2021 numbers are already 17% higher than those in 2020, with 1,291 breaches publicly reported during this year compared with the 1,108 data breaches reported in 2020.
If the number of data breaches continue to hit similar numbers throughout the rest of 2021, it is expected to break the record number of publicly reported data breaches in any given year. That record is currently held by the year 2017, with 1,529 data breaches reported. In the announcement from the Identity Theft Resource Center there was a statement from the ITRC President and CEO, Eva Velasquez, who shared that the U.S. is only 238 data breaches away from tying that 2017 record. Velasquez encouraged people to practice "good cyber-hygiene" moving forward to prevent this.
It is worth noting that the analysis from the Identity Theft Resource Center includes that there are certain organizations and state agencies that do not include the details of any data compromises, or do not report them in a timely manner. This, of course, skews the data and could mean that these numbers are even higher.
Keeping in mind that the number of data breaches decreased quarter over quarter, the number of victims actually went up. In the third quarter of 2021, there were 160 million reported victims of data compromise. This is higher than the entire first half, or first two quarters of 2021 which had 121 million victims. According to Fortune, the highest number of victims was in 2018 with 2.2 billion victims.
Among some of the more notable data breaches of the year 2021 thus far have been that of the United Nations, Volkswagen, the 20/20 Eye Care Network, Microsoft and Astoria Company, among many others.
The United Nations breach took place in April of 2021, and it appears that hackers had access until at least August. It appears that the hackers purchased a UN employee's login information and used it to gain access — undetected — to the project management software used by employees. In October, the United Nations reports to still be dealing with fallout from the breach.
The Volkswagen Group of America breach was comprised of information gathered between 2014 and 2019, and the breach itself occurred between August 2019 and May 2021, according to CRN. There were 3.3 million victims of this breach, most of whom were exposed through contact information and vehicle data.
The 20/20 Eye Care Network breach compromised names, addresses, Social Security numbers, member ID numbers, health insurance information and dates of birth for members of the 20/20 Eye Care health plan. In this case, 3.25 million people are victims of the data breach, however according to CRN 20/20 doesn't believe there was actually any misuse of personal information of the victims.
Microsoft reported its breach in March of this year. Through the breach, email communications from more than 30,000 organizations that use Microsoft were compromised. These organizations included local governments, government agencies and businesses. According to Microsoft's report in March, it was the eighth cyberattack they reported in the last year.
As for Astoria Company's data breach, there are potentially 30 million people impacted. An analysis by Night Lion showed that information like Social Security numbers, bank accounts and driver's license numbers were exposed for some (about 10 million) and for another 10 million it was information like credit history, medical data, and vehicle and home information. Also included in the data breach for Astoria Company was email transaction logs with sensitive user information.