The Weekly Breach Breakdown: Q1 2021 Data Breach Report Reveals Sharp Rise in Individuals Impacted by a Compromise

• According to the Identity Theft Resource Center’s (ITRC) Q1 2021 Data Breach Report, data compromises are up 12 percent, and the number of individuals impacted 564 percent compared to Q4 2020.
• The rise is in large part to 59 late-reported compromises in Q4 2020 and a 42 percent increase in the number of supply chain attacks in Q1 2021 versus Q4 2020.
• The Q1 trends continue to point to a rise in cybercrimes focused on stealing company resources using personal information.

• To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.
• For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

Pointing in All Directions

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 9, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. President Harry Truman once said that if you put all the government experts in a straight line, they’d point in all directions. That might be a good title for this week’s episode where we look at the data compromise and cybersecurity trends for the first quarter of the year in the ITRC’s Q1 2021 Data Breach Report. There’s a little something for everyone in these numbers.

Data Compromises Rise 12 Percent

According to the ITRC’s Q1 2021 Data Breach Report, the number of publicly-reported U.S. data breaches and exposures are up 12 percent from Q4 2020 to 363 total compromises. That’s a slight reversal of the trend in 2020. However, part of the reason for the increase was 59 compromises that occurred late in Q4 2020 but were recorded in Q1 2021. With that said, the number of breaches would have been down nearly a quarter in the first three months of this year compared to the final three months of last year.

Number of Individuals Impacted Rise 564 Percent

The number of individuals impacted, though, is up significantly. Fifty-one (51) million people had their data compromised in Q1 2021 versus eight million in Q4 2020. That’s a 564 percent increase. If people set aside the late notices from 2020, the primary reason for the gap between compromises versus people impacted is a 42 percent rise in the number of supply chain attacks compared to Q4 2020.

Supply Chain Attacks to Blame for Increasing Numbers

We’ve talked about this kind of attack before. Supply chain attacks happen when cybercriminals attack a vendor to access the systems or data of the company’s customers. Think Blackbaud in 2020 or Accellion this year. Supply chain attacks at 27 third-party vendors impacted 137 U.S. organizations and seven million individuals this quarter. There were 19 supply chain attacks in Q4 2020.

Top Root Causes for Q1 2021 Data Compromises

By the way, phishing and ransomware attacks remained the number one and two root causes of data compromises in Q1, according to the Q1 2021 Data Breach Report. Malware was a distant third, but supply chain attacks were only slightly behind. At the current growth rate, supply chain attacks could pass malware in Q2 2021.

Blackbaud Continues to Result in New Data Breach Notices

The double-digit jump in supply chain attacks in Q1 2021 does not include the continual impact of third-party exploits first reported in 2020. The mid-year 2020 attack against IT provider Blackbaud continues to result in new data breach notices: 62 in Q1 2021 that impacted an estimated 146,000 individuals. To date, nearly 13 million people and 555 organizations have been affected by this single event.

SolarWinds Supply Chain Attack

Q4 2020 ended with a blockbuster revelation of a supply chain attack against key cybersecurity and software companies – namely SolarWinds – that was the tip of a much bigger iceberg. In Q1 2021, major supply chain attacks against Microsoft, Accellion and other service organizations were announced. The attacks put the personal information of millions of individuals and corporate IPs at risk.

Cybercriminals Continue to Focus on Credential Theft

Here’s the bottom line from the Q1 2021 Data Breach Report: The Q1 trends continue to point to a rise in cybercrimes focused on stealing company resources using personal information. The broader trend of cybercriminals preferring to exploit multiple organizations through a single point-of-attack may also be accelerating.

That may sound like good news for individuals. However, what it means is that businesses and individuals alike need to adapt to the new ways cybercriminals are behaving.

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. That’s also where people will find the detailed version of our Q1 2021 Data Breach Report.

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.

Be sure to listen next week to our sister podcast, The Fraudian Slip, where we will talk about identity management and how companies are coming together to protect identity information. We’ll be back soon with another episode of the Weekly Breach Breakdown.