According to the Identity Theft Resource Center (ITRC), the number of publicly reported US data breaches and leaks in 2020 dropped roughly 19% from 2019, representing a shift from mass theft of customer data to more lucrative attack types like ransomware. The report combined data from government agencies, other non-profits, news reports, company announcements, and security firms. There were roughly 1,000 breaches, according to ITRC, and 107 data exposures in 2020. These were typically the result of misconfigured cloud servers and AWS buckets.
In 2020, more people were affected by data exposures than data breaches, roughly 156 million and 145 million affected respectively. In 2019, data breaches affected almost five times this figure. The ITRC claims that cybercriminals are shifting towards targeted email compromises using stolen logins or phishing tactics and steering away from bulk data theft. Ransomware and phishing attacks require less effort and are largely automated. They also may generate much higher payouts, which is attractive for APT groups and threat actors who are financially motivated and not focused on data theft.
Read More: US Breach Volumes Fell 19% in 2020 as Ransomware Surges