Commentary

The Growing Victim List: Data Breaches Rose In Q1, Hitting More People

Email marketers just starting to think they see a sliver of recovery should keep this in mind: Data breaches continue to proliferate with depressing regularity, with email as a primary vector. 

The number of reported breaches — 351 — is up 12% over fourth-quarter 2020, although that includes 59 incidents that occurred in that last quarter but were not reported until Q1 of this year, according to The Q1 analysis from Identity Theft Resource Center (ITRC).

Worse, 51 million individuals were affected in the first quarter, vs. 7.6 million in the last quarter of 2020. However, the total is down from 131.6 million in the first quarter of last year and 384.3 million in Q1 2019.

As might be expected given the pandemic, the healthcare sector was first in the number of breaches reported in Q1, at 77. That number has declined from 86 in the same quarter in 2020, and from 79 in 2019. But more people were affected — 3.2 million, versus 1.4 million last year and 2.7 million in 2019. 

Financial services were second — there were 51 breaches hitting 1.7 million people, up from 35 breaches affecting 1.3 million in Q1 2020.

Nonprofits saw almost a doubling — from eight attacks in Q1 2020 to 15 in this quarter. And the number of people exposed skyrocketed from 13,811 to 502,603. 

Government entities saw a falloff in attacks from 14 to 11. But 647,917 individuals were impacted, up from 21,993 in 2020. 

In Q1 of this year, there were 318 cyberattack breaches, conducted via these vectors:

  • Phishing/Smishing/BEC — 118
  • Ransomware — 62
  • Malware — 34
  • Non-secured Cloud Environment — 4
  • Credential Stuffing — 2
  • Zero Day Attack — 11
  • Other, not specified — 97

Then there were 33 system & human errors, impacting 396,243 individuals:

  • Correspondence (email/letter) — 14
  • Failure to configure cloud security — 4
  • Lost device or document — 2
  • Other, not specified — 9

Moreover, there were 12 physical breaches, compromising 32,595 individuals: 

  • Device Theft — 3
  • Document Theft — 1
  • Other, not specified — 8

Finally, there were 27 third-party supply-chain attacks, affecting 7.4 million individuals. 

 

Next story loading loading..