Data compromises hit record high; cybercriminals use stolen information to attack businesses

Sam Fried

ExploreCompanies skimp on cybersecurity defense at their own peril Data compromises in 2021 were 23.6% higher than the previous record of 1,506 in 2017. Eighty-three percent of data compromises involved sensitive information, such as Social Security numbers, a slight increase from 2020 but still below the previous high of 95% […]

ExploreCompanies skimp on cybersecurity defense at their own peril

Data compromises in 2021 were 23.6% higher than the previous record of 1,506 in 2017. Eighty-three percent of data compromises involved sensitive information, such as Social Security numbers, a slight increase from 2020 but still below the previous high of 95% set in 2017, the report said.

“The number of breaches in 2021 was alarming. Many of the cyberattacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them,” Velasquez said. “If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”


Compromised data incidents – U.S. – 2017-2021  
Data Total
Social security number 3,839
Personal health information 2,170
Driver’s license 1,181
Bank account 1,280
Email or password 961
Other 1,013
Source: The Identify Theft Resource Center, which tracks publicly reported data breaches, exposures and leaks.

The number of individual victims declined by 5% in 2021, a downward trend as cybercriminals in recent years turned their attention to stealing specific data types rather than mass data acquisition.

There also was an increasing trend toward supply chain attacks, where a cybercriminal attacks a single company and then uses that access to infect companies in its supply chain.

One of the prominent ones in 2021 was an attack on Accellion, a U.S. based software provider. Accellion’s file sharing software was compromised by ransomware gangs and other cyber thieves, impacting 38 customers and putting nearly 6.8 million consumers at risk, the report said.

ExploreCybercriminals make eye-popping ransom demands

Ransomware attacks are when hackers use malicious software — or malware — to infect a computer network, locking out the owner by encrypting the data. The hacker demands money in exchange for a key to restore access and agreeing not to publicly release or destroy stolen data.

It’s unknown exactly how many businesses were hit by ransomware attacks, as owners often keep the attack secret and broad gaps exist in reporting requirements, which experts say hinders efforts to battle the problem.

Two prominent ransomware attacks in 2021 were on Colonial Pipeline Co. and meatpacker JBS, both of which had significant business disruptions after the May attacks. Both paid ransoms in cryptocurrency, with JBS paying $11 million and Colonial $4.4 million. In June the U.S. Department of Justice announced its new digital extortion task force had recovered about $2.3 million of Colonial ransom payment after the company had acted quickly to notify the FBI and followed instructions to help investigators track the payment, CNN reported.

Explore5 experts: Cybercriminals want your data and ransom money

“That’s been my principal concern: the cryptocurrency,” said Kyle Jones, associate professor and chairman of the computer science and information technology department at Sinclair Community College. “It has ramped this up big time. It’s on its way to becoming a billion dollar enterprise because of cryptocurrency.”

Ransomware-related data breaches have doubled in each of the past two years and are on track to surpass phishing as the top root cause of data compromises, the report said.

Phishing is a fraudulent email or web site where the fraudster pretends to be a legitimate business or person.

Caption

Data compromise sector trends reported for the last three years in the Identity Theft Resource Center’s 2021 Annual report.

Credit: Contributed

Data compromise sector trends reported for the last three years in the Identity Theft Resource Center's 2021 Annual report.

Credit: Contributed

caption arrowCaption

Data compromise sector trends reported for the last three years in the Identity Theft Resource Center’s 2021 Annual report.

Credit: Contributed

Credit: Contributed

Also in 2021, data compromises increased year-over-year in every primary sector but the military, which had no publicly disclosed data breaches. Financial services had the most compromises, but the largest percentage increase was in the manufacturing and utilities sector, which had a 217% increase over 2020, the report said.

“There is no reason to believe the level of data compromises will suddenly decline in 2022,” Velasquez said. “As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber-hygiene to protect themselves and their loved ones from these crimes.”

ExploreThieves stealing passwords can get ‘keys to the kingdom’

Most consumers have been the victim of a data breach and more than half of social media users have had their accounts compromised, according to a 2021 survey of 1,050 adult consumers in the U.S. by the resource center and DIG.Works, a consumer research company. It found that 16 percent of respondents took no action after receiving a data breach notice.

Victims of identity theft or those looking for assistance and information about the problem can get free help from the resource center by calling 888-400-5530 or visiting idtheftcenter.org to live-chat.


Cybersecurity best practices
Employee cybersecurity awareness training
Install firewall and anti-virus software
Replace equipment and software that is out-of-date
Install security patches and updates immediately
Do frequent and duplicative backups
Have a written cyberattack response plan
Install virtual private network
Scan emails before they go to employees
Change passwords frequently
Use multi-factor authentication

Follow @LynnHulseyDDN on Twitter and Facebook

ExploreSee more stories by Lynn Hulsey
ExploreExpert: Great managers, quality onboarding and training key to finding, retaining talent
ExplorePHOTOS: 500 people hear about Dayton region economic wins during DDC meeting in Carillon ballroom
ExploreHusted: Intel project sparks interest in Ohio and could be much bigger than announced
ExploreDayton businessman Brian Higgins found guilty of federal charges
ExploreRepublican Moreno ends U.S. Senate campaign in Ohio
ExplorePandemic tempers optimism about Dayton region economic prospects in 2022


https://www.springfieldnewssun.com/business/data-compromises-hit-record-high-as-cybercriminals-use-stolen-information-to-attack-businesses/OAZF24YGRBBZDK4YLHEV4YPOPY/

Next Post

Your brain might be a quantum computer that hallucinates math

Quick: what’s 4 + 5? Nine right? Slightly less quick: what’s five plus four? Still nine, right? Okay, let’s wait a few seconds. Bear with me. Feel free to have a quick stretch. Now, without looking, what was the answer to the first question? It’s still nine, isn’t it? You’ve […]

Subscribe US Now