Publicly reported US identity compromises dropped 33% in the first half of 2020 compared to the first half of 2019, according to research released Tuesday by the nonprofit Identity Theft Resource Center (ITRC).
Breaches impacting individuals have also dropped 66%, according to the ITRC’s data breach analysis. The nonprofit cataloged 540 public reported data breaches impacting 163,551,023 individuals as of June 30, 2020. In contrast, there were 811 breaches in 2019 impacting 493,011,910 individuals, according to the ITRC.
Attacks by external threat actors are still the most common cause of a data breach (404 so far in 2020), but compromises caused by internal threat actors are at a three-year low (83 so far in 2020) as more people work from home and have less access to internal systems and data, the ITRC said.
“The decrease in data breaches is consistent with threat actors consuming data during the global pandemic instead of gathering new identity information to fuel a variety of COVID-19-related and traditional fraud such as phishing scams and credential stuffing cyberattacks,” the ITRC report said.
Data breaches involving third-party contractors and vendors are also down (53 so far in 2020).
“The decrease in the number of data breaches and individuals impacted is good news for consumers and businesses overall,” said Eva Velasquez, president and CEO of the ITRC, in a statement. “However, the emotional and financial impacts on individuals and organizations are still significant.”
SEE: 65% of organizations saw at least 3 OT system intrusions within the past year (TechRepublic)
The impact on individuals may be even more harmful as criminals use stolen personal information to misappropriate government benefits intended to ease the impact of the COVID-19 pandemic, Velasquez said.
Unless there is a significant uptick in reported data breaches, the ITRC projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.
“With so much data being consumed and so much focus on improved cyber-hygiene at work and home, the available pool of useful data is being reduced,” Velasquez said.
However, the organization believes the lower number of breaches is only temporary, stating that cybercriminals are using data stolen in breaches dating back to 2015 to execute scams, credential stuffing attacks, phishing attacks and fraud that requires identity data. Threat actors are likely to return to more traditional attack patterns to replace and update identity information needed to commit future identity and financial crimes, the ITRC added.
“Cybercriminals will have to act to update their data at some point, which will lead to a return to more normal threat patterns,” Velasquez said.” While it is too early to tell when that may occur, it likely won’t happen overnight, but breaches will gradually increase over time.”
The ITRC, which was established in 1999 to support victims of identity crime, “will continue to help victims by guiding them on the best ways to navigate the dangers of exposed personal information from a data breach and the risks of identity crime as a result,” Velasquez said.
For anyone that has been a victim of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.