Report: 17 % Spike in Data Breaches in 2021
The number of data breaches has already surpassed last year’s total, according to a report from The Identify Theft Resource Center. By the end of the third quarter, there were 1,291 incidents compared with 1,108 in 2020, the center noted. In the third quarter alone, 160 million people were affected. Cyberattacks, which include phishing and ransomware, topped the list of the most common breaches, while healthcare and financial services reported the most incidents. The center said it expected a “record breaking year for data compromises.”
If you are the victim of a data breach, it is important to find out what kind of information is involved and act promptly. Sensitive personal information, such as your Social Security number, is very valuable to criminals. Recent days have witnessed an array of news about data breaches. Among the developments:
Security Q&As included in Neiman Marcus breach
Neiman Marcus revealed in September that 4.6 million customers were at risk when “an unauthorized party” gained access to names, addresses, credit card information, security questions and answers, and gift card numbers in May 2020. The retailer said it was requiring affected customers to change their online account passwords if they hadn’t been changed after the breach.
Individual earnings posted in Twitch leak
Hackers successfully invaded Twitch, a live video gaming site owned by Amazon, and then disclosed personal data, including how much money streamers had earned since 2019 while using the platform. [Streamers can get paid for online broadcasts, and some make a lot of money.] The stolen data was posted on the Dark Web, news reports said, and identified 81 people who had taken in more than $1 million. Twitch says it has reset all its stream keys (which hackers tapped into), including those for PlayStation and Xbox, after the disclosure.
Hiding cyber fraud? DOJ plans to get tough
Federal contractors who fail to disclose cyber fraud will face penalties under the False Claims Act, the Department of Justice announced in October. “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Lisa O. Monaco in announcing the new civil crackdown. Contractors can be held accountable for putting government systems at risk if their cybersecurity systems are deficient, if they misrepresent their practices, or if they violate “obligations to monitor and report cybersecurity incidents and breaches,” the DOJ said.
Interestingly, the Identify Theft Resource Center also noted in its report that some organizations and state agencies were failing to report data breaches on a timely basis, which it called “a disturbing trend.” One state had not reported any notices in more than a year. The center said that such delays can harm victims of identity theft, especially when swift action is often best.
There are no federal laws requiring companies to report data breaches, though all 50 states have different laws with requirement notifications.