Data breach attacks — those that target consumer details like email addresses to credit card numbers — were down almost 20 percent for 2020, a significant dip from the year prior. Even more key for people? The number of individuals impacted by these breaches fell by more than 66 percent over the year as well.
In 2020, 1,108 breaches and exposures were recorded, according to the Identity Theft Resource Center's (ITRC) Annual Data Breach Report. That's almost down to 2016 levels for the number of attacks. And the number of people impacted fell to below pre-2015 levels, with just over 300 million people affected — down from more than 2.5 billion in 2016.
Companies were hit though
That's not to say that breaches didn't hit companies, and the affect trickle down to people. In 2020, data breaches included Spotify, Marriott and Barnes & Noble which got attacked, and had their customer data in some form compromised. But the ITRC found that the mass attacks that sweep up huge amount of consumer data appeared to fall out of favor in 2020. Instead, targeted attacks on businesses became more of interest.
Attacks that go after large swathes of consumer data appear to be down, replaced with more targeted hacksGetty Images/iStock
With businesses now more of the focus for hackers, the style of attack changed as well, with ransomware and phishing attacks growing. With this style, hackers access company data and hold it ransom, by often logging in with nothing more than a stolen credential, like a user name and password. These can be procured by luring an employee through a phishing attack, the most popular style in 2020, such as pretending to be an IT person needing to verify log-in information — but being a hacker instead.
And ransomware? It's potentially a fruitful endeavor notes ITRC, with the average payout more than $233,000 in the fourth quarter of 2020 — up from less than $10,000 in the third quarter of 2018.
While rare, physical attacks like skimming actually theft of a device, affected just more than 943, 000 people. But hackers went for size when targeting companies — and often preferred to go through a third-party or a supply chain provider, as ITRC notes these adjust businesses can often be smaller, and therefore have less security around their systems.
What can consumers do? They can practice better safety online, locking down their now digital lives from not reusing passwords — and actually picking passwords at least 12 characters long — to even picking up the phone and checking if an email asking for security details like passwords and account numbers is really coming from the company it appears to be.
ITRC also recommends using two-factor or multi-factor authentication, which can help protect access to consumer accounts as well.