The report on the first half of 2022 found 817 data compromises in the U.S., a 4 percent decrease compared to the same period in 2021, a record year for data breaches, exposures and leaks.
The number of victims declined 45 percent to 53.4 million, compared to the same period last year, according to the resource center, a nonprofit that tracks publicly-reported data compromises and provides free assistance to victims.
However, the report noted that about 39 percent of data breach notices did not list a victim count so the true total number isn't known.
Last year the number of data compromises was the highest since all U.S. states and territories adopted data breach notice laws, with the final two states doing so in 2018.
"Identity-related employment benefits fraud, never much of a problem prior to the pandemic, shot to the top of the list for most reported — and most costly — government benefits fraud," said Eva C. Velasquez, president and CEO of the resource center.
"Rather than take control of existing financial accounts as in years past, identity criminals preferred to open new accounts using personal information stolen in data breaches or collected from individuals tricked into sharing information with criminals."
An estimated 87 percent of data compromises in the first half of this year were due to cyber attacks.
"Ransomware attacks declined quarter-over-quarter for the first time since ransomware surpassed malware as the number two primary cause of data breaches in 2019," according to the report.
CYBER ATTACK IMPACT PER YEAR
- 2022 ( January-June): 817 compromises, 53.4 million victims
- 2021: 1,862 compromises, 298.1 million victims
- 2020: 1,108 compromises, 310.2 million victims
- 2019: 1,279 compromises, 883.6 million victims
- 2018: 1,175 compromises, 2.2 billion, victims
- 2017: 1,506 compromises, 1.8 billion, victims
- 2016: 1,088 compromises, 2.5 billion, victims
Source: Publicly-reported data compromises compiled by the Identity Theft Resource Center
Ransomware is a type of malicious software that hackers use to infect a computer network, locking out the owner by encrypting the data. The hacker demands money in exchange for a key to restore access and agreeing not to publicly release or destroy stolen data. Two prominent ransomware attacks in 2021 disrupted operations of Colonial Pipeline Co. and meatpacker JBS.
"Security researchers speculate that the sudden decline in ransomware attacks is due to a combination of factors, including the ongoing conflict in Ukraine and the collapse of cryptocurrencies favored by cyber criminals," the report said.
Phishing, which is a fraudulent email or website masquerading as a legitimate business or person, remained the top root cause of data compromises in the first half.
Lax security protocols, and stolen personal information like logins and passwords obtained through phishing or available on the dark web allow cyber criminals to make their way into computers.
Data compromises in the first half included more than 800 breaches, where information was removed or misused. Ten cases were data exposures, where data was unsecured but there is no indication information was accessed, copied or removed. The type of compromise was unknown for five incidents.
Supply chain attacks continue to be favored by cyber criminals, the report said. These are hacks that start with one company but give hackers access to data or the ability to spread malicious code to customers of the original target company.
Supply chain attacks on 44 companies impacted 367 entities and 4.1 million individuals in the first half, the report said. In 10 cases the original attack occurred in 2020 or 2021.
One of those companies hit in 2022 was Illuminate Education, a California-based student-tracking software firm. So far 234 entities and 201,586 victims reported being impacted. But the resource center said data is still being collected and it is believed that the cyber attack affected more than 600 school districts.
"Our research shows that most people who receive a data breach notice struggle to understand what it means or what to do to protect themselves," Velasquez, said. "Supply chain attacks are even more complicated as the organization that was attacked and the entity that owned the data figure out who is responsible for issuing a notice or if one is required."
©2022 the Journal-News, Distributed by Tribune Content Agency, LLC.
