The volume of publicly reported data compromises in the US soared 68% year-on-year to a record high of 1862, according to new data from the Identity Theft Resource Center (ITRC).
The non-profit said the figure was 23% higher than the previous record, set in 2017.
The number of victims was down 5%, continuing a recent trend as threat actors focus their efforts on collecting specific data types rather than acquiring mass troves of data indiscriminately.
Ransomware continues to be a significant driver of the overall upward trend for breaches: data compromises related to these attacks have doubled in each of the past two years. Ransomware is on course to surpass phishing as the number one cause of breaches in 2022, the ITRC claimed.
Although the report covers leaked and breached data, compromises stemming from cyber-attacks were by far the most significant cause. In fact, there were more of these incidents in 2021 (1603) than there were data compromises in 2020 (1108).
The manufacturing and utilities sector reported the largest percentage increase in data compromises, up 217% over 2020. Every sector saw a rise in incidents bar the military vertical, where there were no publicly reported breaches.
Reporting is also becoming more opaque: the number of data breach notices that did not reveal the root cause of a compromise (607) grew by over 190% year-on-year in 2021.
The only positive from the report was that the number of data events involving sensitive information like Social Security numbers increased only slightly year-on-year. It nudged up from 80% to 83% over the period but is still well below the record high of 95% in 2017.
ITRC president and CEO Eva Velasquez argued that 2021 had seen a shift in the identity crime space.
“Too many people found themselves in between criminals and organizations that hold consumer information. We may look back at 2021 as the year when we moved from the era of identity theft to identity fraud,” she said.
“The number of breaches in 2021 was alarming. Many of the cyber-attacks committed were highly sophisticated and complex, requiring aggressive defenses to prevent them. If those defenses failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”