Blog
New Report From Flashpoint and Risk Based Security Finds 22 Billion Records Exposed in 2021 Data Breaches
Today, Risk Based Security’s annual Data Breach QuickView Report was released, from Inga Goddijn, Executive Vice President of RBS, and featuring quantitative research from Ashley Allocca, Cybersecurity Intelligence Analyst at Flashpoint. Powered by Cyber Risk Analytics, our annual report outlines some of the year’s most notable trends in breach activity across a variety of industries. The report analyzes the data types and business sectors that were most targeted during the year, and derives important insights that can help organizations with their own threat response and mitigation procedures in 2022.
Table Of Contents
Today, Risk Based Security’s annual Data Breach QuickView Report was released, from Inga Goddijn, Executive Vice President of RBS, and featuring quantitative research from Ashley Allocca, Cybersecurity Intelligence Analyst at Flashpoint. Powered by Cyber Risk Analytics, our annual report outlines some of the year’s most notable trends in breach activity across a variety of industries. The report analyzes the data types and business sectors that were most targeted during the year, and derives important insights that can help organizations with their own threat response and mitigation procedures in 2022.
Data compromises on the rise
The report finds that 4,145 publicly disclosed data breaches took place in 2021, a figure that may increase as more incidents are reported. While this number is down approximately 5 percent compared to 2020, it accounts for over 22 billion records exposed, making 2021 the second highest year for the amount of confidential data compromised since 2005.
Of the 4,145 publicly disclosed events that happened worldwide, 2,932 of them took place in the U.S. This marks a 10 percent increase in the number of breaches that occurred nationally compared to 2020, keeping the U.S. in the top spot for countries with the most data breaches.
At its current pace, 2022 is expected to surpass 2021’s number of reported breaches by approximately 5 percent.
“On January 12, Risk Based Security and Flashpoint announced that we’d be joining forces. Flashpoint is the leading provider of threat intelligence, with expansive data collections backed by an unrivaled team of security analysts and technologists. We’re pleased to include a view into Flashpoint’s breach data collections for 2021, highlighting key observations of activity taking place in illicit communities.”
Ashley Allocca, Cybersecurity Intelligence Analyst at Flashpoint
Targeting personal information
Our report also looks into the type of data most targeted in 2021, and found that names and social security numbers took the top spots this year. Names were compromised in more than 60 percent of reported breaches while social security numbers were included in just over 40 percent. Meanwhile, payment card information was compromised in only 3 percent of events, signaling that this type of data has become less attractive to threat actors.
Industry matters
In a year that was already weighing heavily on the healthcare industry, threat actors also had their sights set on this major sector. Healthcare topped the list for most breaches among 20 industries, accounting for roughly 14 percent of data breaches in 2021. Finance and insurance were second, while government was third, making up 10 percent of the year’s breaches.
However, when broken down into smaller component risk groups, financial services and software providers claimed the top two spots on this list, putting healthcare practitioners’ offices in third, with 40 percent of the healthcare sector’s total.
The 2021 Year End Data Breach QuickView Report covers data breaches publicly disclosed between January 1, 2021 and December 31, 2021.