The number of individuals impacted by a data compromise is down 20 percent quarter-over-quarter 

SAN DIEGO, July 8, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the first half (H1) of 2021. According to the data breach analysis, publicly-reported U.S. data breaches are up 38 percent in the second quarter (Q2) of 2021 (491 compromises) compared to the first quarter (Q1). However, the number of individuals impacted (52.8 million) is down 20 percent over that same timespan.  

For H1 2021, the number of compromises (846) makes up 76 percent of 2020’s total compromises. If the current attack pace continues, the increase in data breaches in 2021 will end with a record-setting number of compromises, exceeding the current highwater mark of 1,632 set in 2017.  

However, the number of victims (118.6 million) only makes up 38 percent of 2020’s total number of people impacted by data breaches, data exposures and data leaks. If the trend continues, 2021 could result in the lowest number of people impacted by data compromises since 2014.  

Phishing and ransomware attacks remain the top two root causes for data compromises, and supply chain attacks continue to increase (32 new attacks in Q2 compared to 27 in Q1 2021). The surge in phishing, ransomware and supply chain attacks is driving the pace of data compromises and the main reason 2021 could see a new record for total data breaches, data exposures and data leaks. 

According to the H1 2021 Data Breach Analysis by the ITRC, publicly-reported U.S. data breaches are up 38 percent in the second quarter (Q2) of 2021.

Download the ITRC’s 2021 First Half Data Breach Analysis and Key Takeaways  

“We are seeing a shift with the increase in data breaches in 2021 compared to 2020, primarily because of the growing number of phishing attacks, ransomware attacks and supply chain attacks,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “While it is discouraging to see the number of compromises up, it is encouraging that we could see the fewest number of people impacted in seven years. Criminals continue to exploit organizations of all sizes through single points-of-attack, making good cyber-hygiene practices more important than ever.” 

Other findings in the analysis include: 

  • Data compromises are rising in half of the sectors tracked by the ITRC. Manufacturing & Utilities and Professional Services are seeing significant increases, while Healthcare and Retail are seeing data compromises drop. This dynamic reflects the broader trend of cybercriminals shifting their attacks to critical infrastructure entities that are too important to remain idle, and targets with less robust cybersecurity protections in hopes of securing larger ransomware payments.  
  • The 58 supply chain attacks through June 30, 2021, a 19 percent increase in Q2, compares to 70 malware-related compromises, which indicates that third-party risks are poised to surpass malware as the third most common root cause of data events by the end of the year. 
  • The July 2, 2021 supply chain attack on Kaseya, a security software provider, also indicates that the scope and complexity of supplier attacks are increasing. 

For more information about recent data breaches, or the increase in data breaches discussed in the latest trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.   

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.  

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.  

About the Identity Theft Resource Center     

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530 and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.      

Media Contact    

Identity Theft Resource Center    
Alex Achten    
Earned & Owned Media Specialist    
888.400.5530 Ext. 3611    
media@idtheftcenter.org   

On June 28, 2021, the Identity Theft Resource Center (ITRC) discovered a particular form of a phishing attack (also known as a brand spoofing attack) imitating our non-profit organization. The spoofed email, which was determined to be an identity monitoring services scam, sent offers of an “elite search account” with monitoring services to “track your social security, name, address, phone, and any other pertinent information that may be compromised over the web.”

The ITRC Never Charges Consumers or Collects Sensitive Information

The ITRC never charges consumers for assistance and any communication you receive claiming to offer an ITRC service for a fee is a scam. The ITRC only provides no-cost identity theft victim remediation services for individuals that does not include a monitoring service.

The ITRC also does not request or collect sensitive personal information like Social Security numbers, driver’s license numbers or physical addresses. The ITRC may ask for your email or phone number to send you free identity theft resources and educational advice. The limited information you share is never sold to anyone and only to be shared with our research partners with your permission.

What is a Brand Spoofing Attack?

For Consumers:

With this attack style, a cybercriminal imitates a well-known brand to offer a product or service. The attack may also include a live operator acting as a contact center service representative.  Consumers need to follow the best practices for avoiding phishing attacks:

  • Be suspicious of emails that claim you must pay, click for your offer or open an attachment immediately.
  • Think about if you have ever interacted with the company before. If this is a new company or account, go directly to their website or call to ask them if the offer is legitimate.
  • If you think you clicked on a malicious attachment, be sure to run an update on your computer and consider anti-virus software.
  • If you gave away your personal or financial information, place a credit freeze on your credit reports and monitor your accounts regularly.

For Businesses:

If your business email, website, social media accounts, or text services were used in a brand spoofing attack, notify your customers or visitors of the spoof and the steps they should take if they have given their account password or financial information to a criminal. You may direct victims to the ITRC’s contact center or website for free assistance.

Read more about business email imposter recovery steps to take with advice from the Federal Trade Commission.

What You Need to Know About Identity Monitoring Services Scams

In an identity monitoring services scam, an identity thief poses as a well-known brand or government agency and contacts you to say your identity has been compromised. They have discovered your personal information on the dark web and insist you should pay for services to monitor your identity.

The identity monitoring services scam is similar to the IT support scam where the cybercriminal poses as Microsoft, Apple, etc. to say your computer has been infected with malware and is alerting you. They then urge you to clean it up as soon as possible and will take your credit card information or payment through gift card to clean up the infection for you.

Report to the ITRC

If you receive an email, phone call or other communication that asks for your personal or financial information to pay for a service, report it directly to the ITRC to receive our free remediation services to help protect your identity and help prevent additional identity crimes. The ITRC’s expert advisors will help you take additional steps if required, to secure your identity.

Contact the ITRC for Free Identity Theft Information

If you accidentally click on a link of a brand phishing attack or provide information to what you discover later was a fake website form, contact the ITRC toll-free at 888.400.5530 or live-chat with an expert advisor on the company website www.idtheftcenter.org. An advisor will walk you through the steps to take to protect yourself from any possible identity misuse. 


The ITRC is a non-profit organization established in 1999 to empower and guide consumers, victims, business, and government to minimize risk and mitigate the impact of identity compromise and crime. Read more about our mission.

The ITRC’s three-year study shows nearly 30 percent of victims have been the victim of a previous identity crime; an all-time high number of victims say they have contemplated suicide

SAN DIEGO, May 26, 2021- The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has published research that shows nearly 30 percent of people who contact the ITRC are victims of more than one identity crime. The study – the 2021 Consumer Aftermath Report – released today covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.

For the report, 427 identity crime victims who contacted the organization between January 2018 and December 2020 responded to questions about the impact of identity compromises. The survey, which the ITRC has conducted since 2003, discovered that many of the respondents experienced impacts that resulted in definable emotional impacts, physical consequences and lost opportunities. For example, the report shows the highest level of victims who say they have considered suicide – 10 percent – in the 18-year history of the Consumer Aftermath Report.

The ITRC study includes a special focus on victims of pandemic-related identity fraud, including:

  • Thirty-three (33) percent who did not have enough money to buy food or pay for utilities.
  • Forty (40) percent who were unable to pay their routine bills.
  • Fourteen (14) percent who were evicted for non-payment of rent or mortgage.
  • Fifty-four (54) percent who said they felt violated as a result of their identity being misused

Download the ITRC’s 2021 Consumer Aftermath Report

“The 2021 Consumer Aftermath Report shows that the effects of identity theft, particularly during COVID-19, are far-reaching and accelerating,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Even pre-pandemic, for roughly 30 percent of these individuals, this is the second identity crime committed against them. Generally, these victims cannot pay their rent or mortgage, put food on the table, gas in their cars or afford to pay for internet access or childcare needed to look for new employment. In the report, you see the range of emotions – anger, frustration, fear, hopelessness – in their own words. It is crucial we share these findings so others can better understand the ramifications of identity crimes, as well as help force change to better support these victims.”

“While we have all adjusted to masks and social distancing during the COVID-19 pandemic, for victims of identity fraud, the pandemic has created an entirely new set of risks,” said John Breyault, National Consumers League Vice President of Public Policy, Telecommunications and Fraud and an ITRC Board Member. “It might be tempting to focus only on the considerable harm that identity fraud does to consumers. However, we shouldn’t lose sight of the costs to businesses due to lost productivity and lower morale as employees manage their recovery and to taxpayers as fraudsters raid unemployment insurance funds.”

Another critical finding discovered in the 2021 Consumer Aftermath Report is pre-pandemic, identity crime victims struggled with the financial, emotional and physical impacts of having their identities misused. Eighty-three (83) percent of victims could not rent an apartment or find housing and 67 percent incurred debt to meet financial obligations. Also, 84 percent reported being anxious or worried and 76 percent feeling violated.

“The risk of having one’s identity stolen and used to perpetuate fraud may be the least studied, most common, criminal experience that individuals can encounter,” said Brandn Green, Research Scientist at Development Services Group. “The work done by the ITRC in their report to quantify and demonstrate the experiences of victims is invaluable.”

Consumers and victims can receive free support and guidance from a knowledgeable live advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530 and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

Media Contact  

Identity Theft Resource Center  
Alex Achten  
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org   

While the number of data compromises is only up slightly (12 percent increase in Q1 2021), individuals impacted is on a steep rise due to more supply chain attacks in 2021 

SAN DIEGO, April 7, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the first quarter of 2021. 

According to the ITRC’s analysis, publicly-reported U.S. data compromises in Q1 2021 are up 12 percent (363) from Q4 2020. The number of individuals impacted is up 564 percent (51 million in Q1 2021 versus eight million in Q4 2020). A primary reason for the gap in compromises and impacts is a 42 percent rise in the number of supply chain attacks compared to Q4 2020, a trend discussed in the ITRC’s 2020 Data Breach Report.  

One hundred and thirty-seven (137) organizations reported being impacted by supply chain attacks in Q1 2021 at 27 different third-party vendors, including IT provider Accellion. The publicly-reported supply chain attacks affected seven million people. Nineteen supply chain attack-related compromises were reported in Q4 2020. Other conclusions from the Q1 2021 report include

  • Phishing and ransomware attacks continue to be the primary root causes of data compromises.  
  • The increase in data compromises and impacted individuals was also influenced by 59 data events reported in early Q1 2021 that occurred in late December 2020.  
  • The 2020 supply chain and ransomware attack against IT provider Blackbaud continues to result in new data breach notices; 62 new notices in Q1 2021 that impacted approximately 146,000 additional individuals. More than 12.8 million people at 555 organizations have now been affected by the attack first reported in mid-2020. 
  • The report reinforces the trends highlighted by the ITRC, the FBI, and various security vendors that point to a rise in cybercrimes focused on stealing company resources using personal information.  

Download the ITRC’s 2021 Q1 Data Breach Analysis and Key Takeaways  

“While the number of data compromises is only up slightly, the rise in supply chain attacks is troubling,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Supply chain, phishing, and ransomware attacks reflect a broader trend that cybercriminals want to exploit multiple organizations through a single point-of-attack. The most important action people can take to help protect themselves is to exercise good cyber-hygiene habits.”  

The FBI’s most recent Internet Crime Complaint Center (IC3) Report shows phishing as the number one complaint for individuals and businesses in 2020. According to the report, $1.8 billion in business losses was directly attributed to Business Email Compromise, a form of phishing.  

For more information about recent data breaches, or any of the data breaches discussed in the Q1 2021 Date Breach Report, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.  

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.  

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.  

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

Media Contact  

Identity Theft Resource Center  
Alex Achten  
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org   


The Identity, Authentication and the Road Ahead event, February 4-5 from 11 a.m. – 3 p.m. EST, will bring together leaders from government, industry and the nonprofit sector to tackle critical identity issues 

SAN DIEGO, February 2, 2021- On February 4-5, 2021, the Better Identity Coalition, FIDO Alliance, and Identity Theft Resource Center will be hosting an online event, “Identity, Authentication and the Road Ahead”.  

The event will bring together leaders from government, industry and the nonprofit sector to tackle how the government plans to modernize identity and authentication, how COVID-19 has affected the identity landscape, ways the government can help address pain points in our identity infrastructure, standards updates and more. Our keynote speakers include Congressman Bill Foster [D-IL], Financial Crimes Enforcement Network (FinCEN) Deputy Director and Digital Innovation Officer Michael Mosier, Congressman John Katko [R-NY] and Partner Director of Identity Security for Microsoft Alex Weinert. 

“The COVID-19 pandemic has laid bare our challenges in digital identity and authentication – not just from a security perspective, but also a human one,” said Jeremy Grant, Coordinator of the Better Identity Coalition. “We’re thrilled to partner with the FIDO Alliance and the Identity Theft Resource Center on this two-day event to highlight different facets of the challenges in identity and authentication – and discuss ways the government and industry can partner together to spur new solutions that can help all Americans.” 

“The FIDO Alliance is pleased to be working with the Better Identity Coalition and the Identity Theft Resource Center to advance awareness of and inspire action for simpler and stronger authentication and improved identity verification processes,” said Andrew Shikiar, Executive Director & CMO of the FIDO Alliance. “Jarring events of late, such as the global COVID pandemic and threats to the U.S. election, have accelerated the urgency to move forward with digital transformation plans and enable secure and phish-proof access to remote systems and applications. We’re looking forward to sessions that will uncover the critical role that FIDO Authentication has played this past year and will play in the future of identity and authentication.” 

“The Identity Theft Resource Center is honored to co-host the 2021 Policy Forum with the Better Identity Coalition and the FIDO Alliance to bring awareness to digital security, privacy and convenience for everyone,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “It is critically important we take a look at identity crimes and their impacts on individuals, businesses and policies, particularly when it comes to equity and inclusion. We hope that the two-day event highlights how government and decision-makers can address the pain points in our identity infrastructure and leads to discussions on how to improve identity use and protection in America.” 

Our hashtag for the event is #IDPolicyForum. You can find the full schedule here and RSVP here. This event is on the record and open to the public.  

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

About the Better Identity Coalition 

Launched in 2018, the Better Identity Coalition is an organization focused on bringing together leading firms from different sectors to develop a set of consensus, cross-sector policy recommendations that promote the adoption of better solutions for identity verification and authentication. The Coalition’s founding members include recognized leaders from diverse sectors of the economy, including financial services, health care, technology, FinTech, payments, and security. More on the Coalition is available at https://www.betteridentity.org/ 

About the FIDO Alliance 

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services. 

 

In 2020, the number of individuals impacted by a data breach was down 66 percent from 2019; cybercriminals continue to shift away from mass attacks seeking consumer information and towards attacks aimed at businesses using stolen logins and passwords  

SAN DIEGO, January 28, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, released its 15th annual Data Breach Report. According to the report, the number of U.S. data breaches tracked in 2020 (1,108) decreased 19 percent from the total number of breaches reported in 2019 (1,473). In 2020, 300,562,519 individuals were impacted by a data breach, a 66 percent decrease from 2019.  

The 2020 Data Breach Report shows the continuation of a trend from 2019: cybercriminals are less interested in stealing large amounts of consumers’ personal information. Instead, threat actors are more interested in taking advantage of bad consumer behaviors to attack businesses using stolen credentials like logins and passwords. Due to the shift in tactics, ransomware and phishing attacks directed at organizations are now the preferred data theft method by cyberthieves.  

Ransomware and phishing attacks require less effort, are largely automated, and generate much higher payouts than taking over individuals’ accounts. One ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years. According to Coveware, the average ransomware payout has grown from less than $10,000 per event in Q3 2018 to more than $233,000 per event in Q4 2020. 

Download the ITRC’s 2020 Data Breach Report 

“While it is encouraging to see the number of data breaches, as well as the number of people impacted by them decline, people should understand that this problem is not going away,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers. It is vitally important that we adapt our practices, and shift resources, to stay one step ahead of the threat actors. Although resources continue to decline for victims of identity crimes, the ITRC will continue to help impacted individuals by providing guidance on the best ways to navigate the dangers of all types of identity crimes.” 

One notable case study highlighted in the ITRC’s 2020 Data Breach Report is the ransomware attack on Blackbaud, a technology services company used by non-profit, health and education organizations. A professional ransomware group stole information belonging to more than 475 Blackbaud customers before informing the company the information was being held hostage. The stolen information included personal information relating to more than 11 million people that was later reported to have been destroyed by the cybercriminals after Blackbaud paid a ransom.  

Another notable finding was that supply chain attacks are becoming increasingly popular with attackers since they can access the information of larger organizations or multiple organizations through a single, third-party vendor. Often, the organization is smaller, with fewer security measures than the companies they serve.  

To learn more about the latest data breaches, visit the ITRC’s interactive data breach tracking tool, notified. It is updated daily and free to consumers.  

For anyone that has been a victim of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case. 

Consumers and victims can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.   

Media Contact 

Identity Theft Resource Center 
Alex Achten 
Earned & Owned Media Specialist 
888.400.5530 Ext. 3611 
media@idtheftcenter.org  

The release of the 2020 ITRC Data Breach Report and launch of the ITRC’s data breach tracking tool supports the Data Privacy Day 2021 initiative to help build trust among consumers and promote transparency around data collection practices.

SAN DIEGO, January 13, 2021- Today, the Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, announces its commitment to Data Privacy Day on January 28, 2021. The ITRC recognizes and supports the principle that all organizations share the responsibility of being conscientious stewards of personal information.

The ITRC will unveil the 15th annual edition of the ITRC Data Breach Report on January 28, 2021. One of the most widely quoted reports on data breach trends, the report will also explore the fundamental shifts underway in the root causes of identity-related crimes. The release of the 2020 ITRC Data Breach Report coincides with the launch of the ITRC’s new data breach tracking tool, notifiedTM, to assist consumers and businesses in making informed decisions about with whom they do business. Landmark state privacy and security laws, like the California Privacy Rights Act, require businesses to ensure third-party vendors’ cybersecurity processes protect consumer information.

“The ITRC is honored to take part in Data Privacy Day 2021 and to bring awareness to the importance of people and businesses taking action to protect personal and company information,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “We want individuals to value protecting their own data and for businesses to keep people’s personal information safe. Likewise, our latest trend analysis shows that consumers have a big role to play in protecting their employer’s valuable business data and systems. It is critical that everyone take part in reducing the number of data compromises moving forward.”

Data Privacy Day is a global effort that generates awareness about the importance of privacy, highlights easy ways to protect personal information, and reminds organizations that privacy is good for business. This year, the focus is on encouraging individuals to “Own Your Privacy” by learning more about how to protect the valuable data that is online, and encouraging businesses to “Respect Privacy” by helping organizations keep individuals’ personal information safe while ensuring fair, relevant and legitimate data collection and processing practices.

According to a Pew Research Center study, 79 percent of U.S. adults report being concerned about how companies use their data. As technology evolves and the COVID-19 pandemic continues to influence how consumers interact with businesses online, data collection practices are becoming increasingly unavoidable, making it imperative that companies act responsibly.

“In recent years, we’ve seen the impact of more global awareness surrounding the abuse of consumer data, thanks to sweeping privacy measures like GDPR and CPRA,” said Kelvin Coleman, Executive Director for the National Cyber Security Alliance. “While legislative backing is key to reinforcing accountability for poor data privacy practices, one major goal of Data Privacy Day is to build awareness among businesses about the benefits of an ethical approach to data privacy measures separate from legal boundaries.”

For more information about Data Privacy Day 2021 and how to get involved, visit https://staysafeonline.org/data-privacy-day/.

For more information on the ITRC’s 2020 Data Breach Report, email media@idtheftcenter.org.

About the Identity Theft Resource Center®  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notifiedTM.  

About Data Privacy Day

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. NCSA, the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness, leads the effort in North America each year. For more information, visit https://staysafeonline.org/data-privacy-day/.

About the National Cyber Security Alliance

NCSA is the Nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and NCSA’s Board of Directors, which includes representatives from ADP; AIG; American Express; Bank of America; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Intel Corporation; Lenovo; LogMeIn; Marriott International; Mastercard; MediaPro; Microsoft Corporation; Mimecast; KnowBe4; NortonLifeLock; Proofpoint; Raytheon; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org.

Media Contact  

Identity Theft Resource Center  
Alex Achten   
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org  

The Identity Theft Resource Center’s 2021 Predictions show fundamental shifts in how identity crimes are committed, what cybercriminals want, and the resources available to help victims

SAN DIEGO, December 1, 2020 – The Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crimes and compromises, has released its 2021 predictions and trends. There are four things the ITRC expects to see in the next calendar year: 

ITRC 2021 Predictions
The ITRC’s 2021 predictions include fundamental shifts in how identity crimes are committed, what cybercriminals want, and the resources available to help victims.

1. Key U.S. government resources dedicated to financial and identity crime victims have been eliminated. The ITRC believes options for direct assistance will continue to decline in 2021. 

  • Since 2018, U.S. Department of Justice funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. A vast majority of the funds have been awarded to the states to administer government offices such as prosecutors’ offices and police departments. 
  • Discretionary grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020.  
  • Funds to programs that support victims of financial crimes, including identity crimes and compromises, cybercrime and scams/fraud have been reduced to $0. 

2. Cybercriminals are relying less on consumers’ personal information and more on consumer behaviors to commit identity-related crimes, making personal information less valuable and attractive to cybercriminals. The ITRC believes this could be a long-term trend. 

  • Cybercriminals are making more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. 
  • As a result, data breaches are on pace to be down by 30 percent in 2020 and the number of individuals impacted down more than 60 percent year-over-year. 
  • Cybercriminals are focusing on cyberattacks that require logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams. These attacks require less effort, are largely automated, the risk of getting caught is less, and the payouts are much higher than taking over an individuals’ account. The average ransomware payouts for all businesses have grown from less than $10,000 in Q3 2018 to more than $178,000 per event by the end of Q2 2020. Large enterprises are making average ransomware payments of over $1 million. BEC scams cost businesses more than $1.8 billion in 2019. 

3. The ITRC believes pandemic-related identity crimes will impact victims well into 2021. Re-victimization rates for identity crimes and compromises are rising, too. 

  • Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. Victims may not be aware that unemployment benefits have been obtained using their identity credentials until they file their tax returns and discover that the IRS is penalizing them for failing to claim the fraudulent benefits as income. 
  • The ITRC’s Aftermath survey data shows an increase in identity crime re-victimization (28 percent in 2019 versus 21 percent in 2018) occurring before the massive increase in fraud/scams and identity crimes in 2020. The post-pandemic analysis should show an even greater rise.   
  • Subscribe to our data breach newsletter to get our full 2020 report in late January 2021. The 2020 data breach report will expand on some of the 2021 predictions.  

4. The ITRC expects privacy, cybersecurity and identity laws to continue to merge into a more holistic set of public policies – at least at the state level – as evidenced by California voters passing the Consumers Privacy Rights Act (CPRA), the toughest privacy law in the U.S.  

  • The European Union started the trend in 2016 with the adoption of the comprehensive General Data Protection Regulation (GDPR) that governs data, identity privacy and cybersecurity. Two U.S. states followed in 2019 and 2020 with GDPR style laws – New York and California – with more states exploring similar laws when the COVID-19 pandemic interrupted most state legislative sessions. 
  • California voters approved the CPRA, a more comprehensive privacy and cybersecurity law that brings the state’s unified approach closer to the GDPR. The CPRA adds more consumer controls over behavioral marketing and requires routine cybersecurity audits and privacy risk assessments for companies that collect and maintain consumer information. 

“While we cannot predict what will happen in the future, some of the data is troubling,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Federal government funds for victim services continue to be reduced, and they have been eliminated for identity crime victims. That action comes at a time when fraud and cybercrime that impact consumers are growing. The number of “repeat” victims – people who have been the target of more than one identity crime or compromise – is also on the rise along with the non-financial impacts of these crimes.” 

“There is a clear shift in tactics away from cyberattacks that require mass amounts of consumer information to fuel identity crimes – and that’s good news for consumers. With that said, businesses of all sizes are now the targets of cybercriminals who know how to take advantage of human behaviors – not hope for a technology failure – to rake in billions of dollars. That harms consumers, too.” 

“There are clearly some headwinds to provide assistance to identity crime victims. However, just as we have been for 20 years, the ITRC will fight for those impacted by the misuse of their identity.” 

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting  www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center®  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live-chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org  

Media Contact  

Identity Theft Resource Center  
Alex Achten   
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org  

While data breaches are down, a single ransomware attack at Blackbaud exposed information from at least 247 organizations that have issued their own breach notices 

SAN DIEGO, October 14, 2020 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter of 2020. 

According to the data breach analysis, publicly-reported U.S. data breaches have dropped 30 percent year-to-date compared to 2019. More than 292 million individuals have had their identities compromised so far in 2020, a 60 percent drop from 2019. Mass data breaches of personal information continue to decline while cyberattacks are up as threat actors focus on ransomware, phishing, and brute force attacks that use already available identity information to steal company funds and COVID-19 related government benefits. 

Despite the encouraging data breach numbers, a single ransomware attack at Blackbaud exposed information from at least 247 organizations that have issued their own breach notices as of September 30, 2020

Cyberattacks were the primary cause of data compromises reported in Q3 2020, with phishing and ransomware attacks the most common attack vectors. However, viewing Blackbaud as a series of attacks and not a single event, supply chain attacks were the most common exploit.

Download the Identity Theft Resource Center’s 2020 Third-Quarter Data Breach Analysis and Key Takeaways 

“It is encouraging to see the number of data breaches continue to decline in 2020,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “If data breaches continue at this pace for the remainder of 2020, we could see our lowest number of breaches since 2015.” 

While data breaches are dropping, the Blackbaud data breach has skewed the numbers significantly. Of the 247 organizations to issue breach notices to their customers, only 58 have disclosed the number of individuals impacted by the breach – 6,981,091. If the Blackbaud data breach is treated as a series of events, data breaches have only decreased by 10 percent compared to 2019.  

“If anyone gets a breach notice connected to the Blackbaud data breach, they should act immediately because their information could still be available,” Velasquez said. “Whenever someone receives a breach notice, they need to act quickly and decisively because of the risks that come with personal information being exposed.” 

For more information about recent data breaches, or any of the data breaches discussed in Q3, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case. 

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center® 

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity crime in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live-chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org

Media Contact 

Identity Theft Resource Center 
Alex Achten  
Earned & Owned Media Specialist 
888.400.5530 Ext. 3611 
media@idtheftcenter.org  

This year’s initiatives highlight the importance of individuals and organizations taking actions to protect their part of cyberspace in an increasingly connected world 

SAN DIEGO, October 2, 2020 – The Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crime, has joined the growing global effort to promote awareness of online safety and privacy as part of Cybersecurity Awareness Month (CSAM) during October. CSAM is a collaborative effort among organizations and individuals to promote this year’s CSAM theme of ‘Do Your Part. #BeCyberSmart.’ The month aims to empower individuals and organizations to own their role in protecting their part of cyberspace. 

“Cybersecurity is a critical issue that impacts consumers, businesses and institutions every day,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “The online safety and privacy of all stakeholders is important. It’s why we are committed to helping people at home and work develop good  cyber hygiene habits, and be cyber smart.” 

The ITRC will take part in the following activities for CSAM: 

To kick off CSAM, NCSA and the ITRC are hosting a Twitter chat on Thursday, October 8 at 11:00 a.m. PST to discuss cyber hygiene best practices, resources and much more. Use #BeCyberSmart in your tweet to join the conversation. 

NCSA and the ITRC are publishing a co-authored blog on the impact of data breaches and cyberattacks on small-to-medium-size businesses and their employees. The blog will be released on October 15. 

The ITRC is participating in a panel hosted by the Cybercrime Support Network to discuss cybersecurity for retirement professionals. The event will take place on October 28 at 8:30 a.m. PST. 

The ITRC is releasing its data breach information for the third quarter of 2020. We are also promoting new data breach tracking tool, notifiedTMNotified is free to consumers and has as many as 90 data points for organizations that need comprehensive breach information for business planning or due diligence. 

Check out ITRC’s newest podcasts, “The Fraudian Slip” (monthly), which takes an in-depth look at topics like child identity theft, application fraud and more, as well as the “Weekly Breach Breakdown” (weekly), covering the latest data compromises from the previous week and other news in cybersecurity. 

The ITRC will launch a beta version of ViViAN, the organization’s artificial intelligence chatbot, to provide initial assistance and after-hours victim support. 

The ITRC is releasing new Help Center resources for victims of identity crime. The resources will help victims in their resolution process. 

Now in its 17th year, CSAM continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The ITRC is proud to support this far-reaching online safety awareness and education initiative, which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security

“Cybersecurity is important to the success of all businesses and organizations. NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations,” said Kelvin Coleman, Executive Director, NCSA. 

For more information about CSAM 2020 and how to participate in a wide variety of activities, visit staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the official hashtag #BeCyberSmart on social media throughout the month. 

About the Identity Theft Resource Center 

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity crime in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live-chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org 

About Cybersecurity Awareness Month 

Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/  

About NCSA 

NCSA is the Nation’s leading non-profit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and NCSA’s Board of Directors, which includes representatives from ADP; AIG; American Express; Bank of America; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Intel Corporation; Lenovo; LogMeIn; Marriott International; Mastercard; MediaPro; Microsoft Corporation; Mimecast; KnowBe4; NortonLifeLock; Proofpoint; Raytheon; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include Cybersecurity 

MEDIA CONTACT 

Identity Theft Resource Center 

Alex Achten 

Earned & Owned Media Specialist  

888.400.5530 Ext. 3611 

media@idtheftcenter.org