The number of publicly reported breach victims in the US has soared by 564% from the end of 2020 to the first three months of this year, according to the latest data from the Identity Theft Resource Center (ITRC).
The non-profit claimed that 51 million consumers were affected by incidents in Q1 2021, versus eight million in the final three months of 2020.
However, the volume of breaches only rose by 12%, or 363, over the same period. The ITRC claimed this disparity could be explained by the increase in supply chain attacks, where a single breach leads to the compromise of multiple organizations, and many more victims than would usually be expected.
A case-in-point here is the cyber-attack on organizations running Accellion’s legacy file transfer software. Although this was counted as a single breach, it actually affected scores of customers.
Supply chain attacks surged by 42% from Q4 2020 to the first quarter of 2021, with 27 such incidents affecting seven million people in Q1 2021, according to the ITRC.
Previously disclosed supply chain attacks continue to result in new breach notices: the infamous Blackbaud breach led to 62 new notices in Q1 2021, impacting around 146,000 new individuals. Over 12.8 million people and 555 organizations have now been affected by the attack first reported in mid-2020.
Phishing and ransomware continue to be the top sources of data compromise in the US, according to the report.
“While the number of data compromises is only up slightly, the rise in supply chain attacks is troubling,” said Eva Velasquez, president and CEO of the ITRC.
“Supply chain, phishing and ransomware attacks reflect a broader trend that cyber-criminals want to exploit multiple organizations through a single point-of-attack. The most important action people can take to help protect themselves is to exercise good cyber-hygiene habits.”