In 2021, there were more data compromises reported in the U.S. than in any year since the first state data breach notice law became effective in 2003, according to the 2021 Data Breach Annual Report released by the Identify Theft Resource Center.

What’s more, the overall number of data compromises (1,862) is up 68% over 2020 and represents a 23% increase over the previous all-time high of 1,506.

Report Findings

  • The number of data events that involved sensitive information such as social security numbers increased slightly from 2020 as a percent of the overall number of compromises (83% vs. 80%) but remained well below the previous all-time high of 95% set in 2017.
  • Ransomware-related data breaches have doubled in each of the past two years. At the current growth rate, ransomware attacks will pass phishing attacks as the No. 1 root cause of data compromises in 2022.
  • The number of data breach notices that do not reveal the root cause of a compromise (607) has grown by more than 190% since 2020.
  • The number of supply chain attacks, where a single organization is attacked to obtain the data of multiple entities, is obscured by the root cause of these compromises (e.g., phishing, ransomware, malware, etc.). In 2021, supply chain attacks would be classified as the fourth most common attack method if listed as a stand-alone cause.
  • There were more cyberattack–related data compromises (1,613) in 2021 than all data compromises in 2020 (1,108).
  • Compromises increased year-over-year in every primary sector but one: military, where there were no data breaches publicly disclosed. The manufacturing and utilities sector saw the largest percentage increase in data compromises at 217% over 2020.
  • As identity criminals focus more on specific data types rather than on mass data acquisition, the number of victims continues to drift downward, with a 5% decrease in 2021 compared to the previous year. The number of consumers whose data is compromised multiple times per year, though, remains excessively high.

U.S. Data Compromises by Year

  • 2015: 785
  • 2016: 1,099
  • 2017: 1,506
  • 2018: 1,175
  • 2019: 1,279
  • 2020: 1,108
  • 2021: 1,862

Global Victims by Year

Note: The figures below represent the number of people worldwide impacted by U.S. data breaches.

  • 2015: 318 million
  • 2016: 2.541 billion
  • 2017: 1.825 billion
  • 2018: 2.228 billion
  • 2019: 884 million
  • 2020: 310 million
  • 2021: 294 million

“There is no reason to believe the level of data compromises will suddenly decline in 2022,” wrote the report’s authors. “As organizations of all sizes struggle to defend the data they hold, it is essential that everyone practice good cyber-hygiene to protect themselves and their loved ones from these crimes.”