2021 Sets a New Record for Security Breaches

February 28, 2022 | 4 minutes read

As stated by the Identity Theft Resource Center, a California-based non-profit organization that works to mitigate the risks of identity theft around the country, the number of security breaches that occurred within the U.S. in 2021 is the highest that has ever been recorded. For context, there were 1,862 reported data breaches within the U.S. in 2021 alone, a 68% increase from the previous year. These breaches occurred in almost every sector of the economy, ranging from education and financial services to manufacturing and utilities. In terms of the types of data that were compromised in these breaches, names, full social security numbers, and dates of birth were the most common forms of personal information that were compromised.

Alternatively, while the number of security breaches that occurred significantly increased in 2021, it would appear as though the level of transparency that is provided to American consumers in terms of such breaches simultaneously decreased in the same year. To illustrate this point further, there were 209 reported security breaches in 2020 that had missing information or details. This number increased to 607 in 2021, in what many cybersecurity professionals suspect might be the start of a destructive trend. As the freezing of an individual’s credit report is one of the most effective ways to fight identity theft, any delay in notification as it concerns a security breach can have adverse consequences for all parties involved.

Why did the number of data breaches increase in 2021?

As has been the case with other major events and circumstances that have taken place both in the U.S. and around the world in the midst of the COVID-19 pandemic, one of the main reasons for the significant number of data breaches that occurred in 2021 was an increase in internet usage in all facets of society. For example, while some colleges and universities may offer online courses, the vast majority of K-12 education within the U.S. is conducted within physical classrooms. However, this all changed with the onset of the COVID-19 pandemic, as children of all ages were now forced to take their academic studies online. Similar changes were also implemented within the job sphere.

As lockdowns in 2020 forced many businesses and organizations into remote work, millions of Americans who had used the internet primarily for leisure were now depending on such technology for survival. These developments are reflected in the data has been collected concerning all reported security breaches in 2021, as phishing and ransomware attacks represented the two most common forms of cyberattacks during the year. In many instances, cybercriminals use these means to hack into a particular business or agency through the theft of a legitimate employee’s credentials. Conversely, physical attacks, such as the stealing of confidential documents or devices, significantly decreased in 2021.

To this point, another contributing factor to the increase in security breach incidents in 2021 was an increase in the use of cloud services for remote work. As a cloud server may hold personal information pertaining to millions of employees that would have historically been contained within a physical location, hackers that were able to access such services came away with much more personal data than they had in previous years. Moreover, as the sudden shift into remote work left many businesses and organizations with outdated cloud infrastructure, many employees would likely have been risking having their personal information compromised without their knowledge.

What can consumers do to reduce and combat the adverse effects of a security breach?

While the primary steps that consumers can take to protect themselves against security breaches and identity theft are to freeze their credit accounts and change their passwords, these steps can only be implemented once a consumer has been notified of the occurrence of such an event. As such, the lack of transparency that many businesses within the U.S. extended to the general populace in terms of data breach notifications is an extremely troubling advancement. Nevertheless, there are still additional steps and measures that the average citizen can take to mitigate the issues that can arise after being negatively impacted by a security breach.

For example, there are numerous consumer breach alert services, such as Have I Been Pwned?, Dehashed, and Firefox monitor, that allows consumers to do their own due diligence as it relates to security breaches, in contrast to waiting on a business or organization to provide them with notification. On the other end of the spectrum, as it pertains to preventative measures, consumers can also reduce their chances of being exposed to a security breach through the use of an online password manager. Through the use of online password managers, consumers can ensure that they are creating strong and secure passwords for all of their devices and online accounts, greatly reducing their chances of having their personal information compromised.

Despite the massive increase in the number of security breaches that took place in 2021, there is no evidence to suggest that this number will decrease in the upcoming years. What’s more, as security breaches become more commonplace, many businesses in the U.S. have been failing to adequately protect the information that they collect, process, store, and ultimately use. With this being said, American consumers will have to do their own research and due diligence in trying to avoid having their data stolen as a result of a security breach, as by the time many people educate themselves about such occurrences, their personal information has already been compromised.