2021 Was a Record Year for Data Breaches, But Scammers Now Have a New Focus

pcmag.com:

This is the year of the breach, according to the Identity Theft Resource Center (ITRC), but last year was no prize either, according to the group's 16th annual Data Breach Report for 2021.

The good news is that the number of individuals who were hit by security breaches in 2021 declined for the third year to 293 million, down from a record high of 2.2 billion in 2018. The problem is that the percentage of breaches that included the theft of sensitive data like Social Security numbers was up from 80% to 83% year over year, though that was down from 2017's stunning 95%.

The number of data compromises for 2021 overall—1,862—is also the highest recorded. It's 68% higher than the 1,108 in 2020 and 23% higher than 2017's record 1,506.

Scammers have now amassed so much data through these breaches that they're shifting their focus, according to the report. "We may very well look back at 2021 as the milestone year when we officially moved from the era of identity theft to an era of identity fraud," says ITRC President and CEO Eva C. Velasquez.

Mostly, thieves are hacking into businesses using an individual employee's credentials. Attack-vector trends show that the numbers are way up on phishing and smishing as well as ransomware. Physical attacks—in which a crook takes action in the real world, such as stealing documents or devices—are mostly down from 2020 and way down from 2019.

The business sectors that bad actors go after are also in flux, but there's huge growth in attacks on manufacturers and utilities, retail, and education.

The type of PII (personally identifiable information) data compromised the most has always been people's names—but what thieves can really abuse is the Social Security number. There was a huge jump in