After setting a record for the most recorded data breaches in 2021, hackers aren’t taking time to catch their breath.
Data breaches in the first quarter were up 14% from a year ago, according to the Identity Theft Resource Center (ITRC). That’s three straight years of first-quarter increases. The latest increase follows the 68% increase in breaches in 2021 compared to 2020, which broke the previous record, set in 2017, by 23%.
“Traditionally, the first quarter is the lowest number of data breaches reported each year,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “The fact that the number of breach events in the first quarter represents a double-digit increase over the same period last year is another indicator that data breaches will continue to increase in 2022.”
The rush of breaches follows a number of highly complex and sophisticated cyberattacks that occurred in late 2021. The ITRC urged businesses and consumers to practice “good cyber hygiene” to reduce the amount of personal information that the hackers were able to capture.
Between January and March, 404 data breaches were publicly reported. Phishing and ransomware attacks were once again the most common types of intrusions. The healthcare, financial services, manufacturing and utilities, and professional services sectors were the hardest hit during the period. A worrying trend that the ITRC points out is that data breach reporting is still inconsistent, at best. Of the 367 cyberattacks in the first quarter (the others were document or device thefts or email/letter correspondence), 154 did not include the cause of the breach. Therefore, “unknown” was again the most important category.
The ITRC has previously said that the lack of actionable information prevents consumers from taking appropriate action to protect themselves. Last year, the number of data breach notifications that did not reveal the root cause of the breach increased by 190% compared to 2020.
On the bright side
The good news for consumers and businesses is that despite the significantly higher number of breaches in the first quarter, the number of victims was down 50% from the same period a year ago and down 41% compared to the fourth quarter of 2021. A total of 20.8 million people were affected by the first quarter data breaches.
And while the numbers were higher year-over-year, they were significantly lower than the fourth quarter, falling nearly 30%. The number was also lower than in the second and third quarters of 2021.
Ransomware and phishing are the most popular attacks for cybercriminals because they are easier ways for hackers to get paid than selling consumers’ personal information. These attacks generally require less effort and can be automated.
Hackers, in general, look for the path of least resistance when looking for weaknesses. They are opportunists, looking for systems that haven’t been updated with the latest patches. A recent survey by cybersecurity firm Sophos found that 66% of organizations were hit by ransomware attacks in 2021, up from 37% in 2020. Among organizations whose data was encrypted, the average ransom paid nearly quintupled to reach $812,360. And the number of organizations paying ransoms of $1 million or more has tripled.
For many years, when hackers took control of systems, they often tried to force companies to pay to unlock those systems. Most businesses, over the years, have learned to keep backups of their information, which they would restore and move forward, ignoring the demand. In the recent past, however, hackers have changed course and threatened to release the stolen information publicly. And since the companies involved do not know precisely what information was taken, they are forced to engage with the thieves.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.