Since 2005, the Identity Theft Resource Center has compiled publicly-reported U.S. data breaches as part of our data breach tracking efforts. While our 2019 Data Breach Report revealed an annual 17 percent increase in data breaches compared to 2018, there has since been a data breach decrease reported during the first quarter of 2020, both in the number of incidents and individuals impacted.

In the first quarter of 2020, there were 337 publicly reported breaches and exposures. During the same time period in 2019, 520 data events were reported, which means there have been nearly 185 fewer breaches/exposures reported in 2020. In terms of people impacted, 131 million individuals were affected from January through March of 2020. While that might sound like a lot, 442 million people had their data compromised during that same timeframe in 2019. Overall, the number of data compromises decreased by nearly 35 percent, and the number of people affected by 66 percent in the first three months of 2020. Any decrease in data compromises is a good thing, but it’s important to understand what’s behind the numbers dropping due to the data breach decrease.

The ITRC tracks both publicly reported data breaches and data exposures in a database containing 25 different information fields and 63 different identity attributes that are updated daily. While the ITRC has one of the most comprehensive repositories of data compromises, not all incidents are publicly reported; there can be significant delays between when a breach occurs and is publicly reported. The result of these factors can produce a reduction of publicly reported data events.

There are other reasons why the ITRC’s data could be different from other data breach reports – especially those that are reporting an increase in data compromises in Q1 2020. For example, the ITRC reports the number of records compromised based on the number of individuals impacted, not the number of records stolen or exposed. We believe this methodology gives a more accurate view of the human impact of a data breach or exposure since a single person may have multiple records involved in a single event.

The COVID-19 pandemic could have also played a role in the data breach decrease (particularly in March) as threat actors turned their attention to using the data they already had to launch phishing attacks and COVID-19 scams rather than launching new mass cyberattacks. However, there is no substantive proof of why there was such a drastic decline in the first quarter numbers. With that said, the ITRC believes data breaches could return to a more traditional trendline later in 2020.

If someone believes they have had their information exposed as part of a data breach, or is a victim of identity theft due to a data breach, they can live-chat with an ITRC expert advisor. They can also call toll-free at 888.400.5530. Advisors can help victims create action plans that are tailored to them. Victims can also download the ID Theft Help App. The app lets them track their case in a case log, access resources and tips to help them protect their identity and more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.

You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws