Social Security Numbers Most Targeted Sensitive Data
Social Security Numbers (SSN) are the type of sensitive data most commonly targeted in data breaches in the United States, according to new research published today by Spirion.
Analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States revealed that 65% of all sensitive data incidents in 2021 involved SSN.
The finding was included in the data protection and privacy company’s Definitive Guide to Sensitive Data Breaches: America’s Top Leaks, Attacks and Insider Hacks. Spirion’s guide is based on the analysis of more than 1,500 data breaches involving sensitive data in the United States last year.
A total of 1,862 data compromises were reported by US organizations last year, representing a 68% increase over 2020 and making 2021 steal 2017’s title of the most prolific year on record for data breaches. ITRC data showed that 83% of the year’s incidents impacted more than 150 million individuals by exposing 889 million sensitive data records.
Personal Health Information (PHI) was the second most targeted form of sensitive data and was the focus of 41% of data incidents. The third most predated forms of sensitive data were bank account information and driver’s licenses, which were each involved in 23% of incidents.
The majority of individuals affected by sensitive data breaches in 2021 (84%) were victims of incidents in the professional and business services, telecommunications and healthcare industries. The 157 reported data breaches in the professional and business services sector impacted 52 million individuals (or 35% of total individuals). Just eight incidents in the telecommunications industry impacted 47.8 million individuals (or 32% of total individuals).
Trends identified in the guide included the emergence of supply chain and third-party attacks as a leading contributor to sensitive data compromises.
“A total of 93 third-party attacks impacted 559 organizations, exposing more than 1.1 billion data records,” said a Spirion spokesperson.
“Of these incidents, 83% contained sensitive data, revealing PII [personally identifiable information] for 7.2 million people.”
Another trend was experiencing multiple data breaches in one year – a fate suffered by more than two dozen US organizations in 2021.
More Stories
OpenAI’s ChatGPT is Breaking GDPR, Says Noyb
European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal...
Whale Song Code
During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan...
New UK Smart Device Security Law Comes into Force
IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today Read More
Okta Warns Customers of Credential Stuffing Barrage
Okta has issued customers with new advice on how to block mounting credential stuffing attacks Read More
Friday Squid Blogging: Searching for the Colossal Squid
A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk...
Over 850 Vulnerable Devices Secured Through CISA Ransomware Program
CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices...