After setting a record for the most data breaches in 2021, hackers aren’t taking any time to catch their breath.
Data breaches in the first quarter were up 14% over a year ago, according to the Identity Theft Resource Center (ITRC). That makes three consecutive years of increases in the first quarter. The latest increase comes on the heels of 2021’s 68% increase in breaches over 2020, which beat the previous record, set in 2017, by 23%.
“Traditionally, Q1 is the lowest number of data compromises reported each year,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022.”
The early rush of breaches follows a number of highly complex and sophisticated cyberattacks that occurred at the end of 2021. The ITRC urged both businesses and consumers to practice “good cyber-hygiene” to reduce the amount of personal information hackers were able to capture.
Between January and March, there were 404 publicly reported data compromises. Phishing and ransomware attacks were once again the most common types of intrusions. The healthcare, financial services, manufacturing and utilities, and professional services sectors had the most compromises in the time period. One disturbing trend the ITRC points out is that reporting on data breaches is still inconsistent, at best. Of the 367 cyberattacks in the first quarter (the remainder were document or device theft or email/letter correspondences), 154 did not include the cause of the breach. As a result, “unknown” was once again the largest category.
The ITRC has previously said that a lack of actionable information prevents consumers from taking appropriate actions to protect themselves. Last year, the number of data breach notices that did not reveal the root cause of the compromise was up 190% from 2020.
On the bright side
The good news for consumers and businesses is that, despite the notably higher number of breaches in Q1, the number of victims decreased 50% compared to the same time period a year ago and was down 41% compared to the fourth quarter of 2021. All told, 20.8 million people were impacted by the Q1 data breaches.
And while the numbers were higher on a year-over-year basis, they were notably lower than the fourth quarter, dropping nearly 30%. The count was lower than the second and third quarters of 2021 as well.
Ransomware and phishing schemes are the most popular attacks for cybercriminals because they’re easier money for the hackers compared to the sale of consumer personal information. Those attacks also generally require less effort and can be automated.
Hackers, in general, will search for the path of least resistance when probing for weaknesses. They’re opportunists who look for systems that have not been updated with the latest patches. A recent survey by cybersecurity firm Sophos found that 66% of organizations were hit with ransomware attacks in 2021, up from 37% in 2020. Among organizations that had data encrypted, the average paid ransom increased nearly fivefold to reach $812,360. And the number of organizations paying ransoms of $1 million or more tripled.
For many years, hackers who took control of systems have tried to force companies to pay to unlock them. Most businesses, over the years, learned to keep backups of their information, which they would restore and move forward, ignoring the demand. In the recent past, though, hackers have switched methods and threatened to release that information publicly. And since affected companies don’t know precisely what information was taken, they are forced to engage with the thieves.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.