2020 saw fewer data breaches but more records exposed

The number of publicly reported breach events decreased by 48 percent in 2020. However, more than 37 billion records were compromised, an increase of 141 percent.

A report released today by Risk Based Security reveals that this is by far the most records exposed in a single year since the company began reporting in 2005.

"2020 has challenged the security-minded community quite unlike any other, and the number of records exposed highlights how unique the year has been," says Inga Goddijn, executive vice president at Risk Based Security. "We do not believe fewer breaches are happening. Disruptions at certain governmental sources, delayed reporting, and declining news coverage have all contributed to fewer breaches coming to light in 2020, but that is only a part of the story. More complex and damaging attacks have also contributed to lengthy and complex investigations."

There have been 676 breaches involving a ransomware element, a 100 percent increase over 2019. Five breaches were each responsible for exposing a billion or more records. This means 82 percent of the compromised records came from just five breaches. All five were due to misconfigured databases or services.

Healthcare was the worst hit sector, accounting for 12.3 percent of reported breaches, followed by information, finance and insurance, and public administration.

"The rise of ransomware coupled with the particularly pernicious practice of leaking data stolen during the attack has been a leading theme of the year," adds Goddijn. "There were few signs that ransomware would explode into a preferred method for monetizing attacks and while the coverage of breach events has picked up once again, the changing tactics means less information about events is being disclosed. It is anyone’s guess where 2021 might take us."

The full 2020 Year End Data Breach QuickView Report is available from the Risk Based Security site.

Image credit: Photon photo / Shutterstock