While the number of publicly disclosed data breaches totaled 4,145 globally in 2021, a 5% decline from 2020, the bulk of those breaches occurred in the United States. Disclosed data breaches in the U.S. totaled 2,953, or 71% of the global total, according to Risk Based Security Inc. The number of breaches in the U.S. was also up for the year, increasing 11% from the 2,645 breaches reported in 2020.
The gap between the number of breaches reported in the U.S. and those in Canada and the United Kingdom, which reported the second- and third-highest numbers of breaches in 2021, is startling. There were 181 reported breaches in Canada in 2021 and 125 reported breaches in the U.K.
The rise in reported breaches in the U.S. is due in part to notification laws that require breach disclosures, as well as to the country being home to a significant number of high-value targets, the report says.
Although the number of overall data breaches declined by 14.5 million in 2021 from 2020, there were still 22.7 billion records exposed. Based on those figures, 2021 ranks as the year with the second-highest number of records exposed after 2020, according to the report.
The majority of the records exposed in 2021 (81%) came from three breaches, with the largest breach of the year exposing 16 billion records, or 70% of the total.
When it comes to the type of data hackers sought, consumer names and Social Security Numbers were the two most-sought-after pieces of information. For the breaches reported in 2021, names were captured in 60% of the incidents, up from 51% in 2020, and SSNs were captured in 41% of the breaches, up from 31% a year earlier. Addresses were exposed in 29% of the cases, up from 25% in 2020, and financial data were compromised in 24%, up from 18%.
Ransomware, which accounted for less than 1% of data breaches in 2016, has grown to become a serious problem in the succeeding years. In 2021, ransomware attacks accounted for 21% of reported data breaches, up from 17% in 2020 and 11.5% in 2019. In total, there were 874 breaches last year that included a ransomware component.
“As one operation shuts down, new groups emerge to take their place and keep the attacks flowing,” the report says.
One problem when it comes to determining the impact of ransomware is that there is less detail around the number of records exposed. “The goal of these attacks is less about targeting certain types of data, like customer account information, and more [about] ‘smash and grab’ operations, with attackers pilfering whatever seems to be of value to the compromised organization,” says the report. “This has contributed to nearly 53% of breaches with an unknown—or more precisely, unconfirmed—number of records compromised.”
On the plus side, for ransomware incidents where the number of records is known, 58% exposed fewer than 10,000 records. “Another positive statistic: the median number of records lost stands at 5,269, well below the 10K mark,” the report says. “Lastly, the number of breaches [with a ransomware component] exposing 10 million or more records is well below its 2019 peak of 68 incidents.”