Data breaches tend to get plenty of press, such as last year’s hack of Capital One that stole the data of more than 106 million people who had applied for credit with the company, or—more salaciously—the 2015 data breach of extramarital affairs dating site Ashley Madison. And perhaps they’ve become so commonplace that the press is starting to give them less play and/or 2020 is just so packed with news that cybercrime has dropped a few tiers in the worthwhile news hierarchy.
Whatever the case, you’d probably think that the worldwide COVID-19 pandemic would make it easier for cybercriminals to snatch data, what with millions of Americans working from home where cybersecurity and data protection tools are likely weaker than found in the workplace.
Surprise!—data breaches are down . . . significantly. In fact, the number of data breaches has dropped by almost 33 percent in the first six months of this year, when compared to the equivalent time frame in 2019. And the number of people impacted is down an even more significant 66 percent. The Identity Theft Resources Center recorded 540 data breaches impacting 163,551,023 individuals for the first six months of 2020, compared to 811 breaches impacting 493,011,910 people for the 2019 January-June period.
The center projects that if the pace continues, 2020’s year-end number will come in at 1,080 data breaches impacting 327,102,046 people. That would be the lowest number of breaches and fewest impacted people since 2015.
External threats from cybercriminals in the vein of the pesky “Dark Overlord” and “REvil” have been identified as responsible for 404 of 2020’s successful data compromises. B-A-D-bad employees were responsible for 83, while apparently shady third-party contractors were responsible for the remaining 53. During the same 2019 period cybervillains caused 588 breaches; wayward employees caused 126, and disreputable third-party contractors caused 89.
The Identity Theft Resource Center believes that the reduction in data breach numbers will be temporary and is caused in part by cybercriminals already having so much data to work with. In fact, they have billions of personally identifiable information (PII) data points stolen from prior breaches with which to execute all kinds of scams and attacks. At some point, though, as companies and individuals continue to stiffen PII protection, cybercriminals will deplete their reservoir of useful data and need to go out in search of the latest updates.