Over 300 million individuals affected by the US data leaks in 2020
The year 2020 was full of challenges. The global pandemic threatened our health and digital safety as cybercriminals took advantage of the worldwide uncertainty for a quick gain.
According to the data analyzed by the Atlas VPN team, over 300 million individuals were affected in 1,108 US data breach and exposure incidents in 2020.
While last year’s data breach and exposure numbers are impressive, the number of such events actually went down by nearly a fifth (19%) from 1,362 in 2019 to 1,108 in 2020.
The calculations are based onby Identity Theft Resource Center, which tracks publicly reported data breaches in the United States.
The number of affected individuals also dropped by 66%, from over 887 million in 2019 to more than 300 million in 2020. In fact, last year, the number was at its all-time low since 2015 when the Data Identity Theft Resource Center first started tracking breach and exposure statistics in the United States.
Cyberattacks were the primary reasons behind such data infringements. They made up the majority — 79% of all the root causes and hit close to 170 million individuals. Phishing, including smishing and business email compromise, was by far the most common cyberattack method behind 44% of such breaches.
Up next are human and system errors. They caused nearly 14% of US cyber incidents when data was hacked and exposed, affecting 130 million individuals. Failure to configure cloud security and email scams were to blame for 38% and 36% of cyber incidents created by internal errors, respectively.
Physical attacks also contributed to data breaches and exposure in 2020. They comprised 7% of such events and impacted 943,645 individuals. Device theft was the most popular method among criminals and made up 38% of physical attacks aimed at obtaining data last year.
Finally, supply chain attacks were another popular method among cybercriminals. The attacks affected 694 entities and more than 42 million individuals last year alone. In supply chain attacks, cybercriminals access the data of a certain organization or even multiple organizations by leveraging a 3rd party vendor (often a smaller organization).
Name and Social Security Number was most commonly leaked data
While data breach and exposure incidents declined in 2020, they still caused tremendous damage, as cybercriminals managed to get a hold of a wide array of sensitive personal information.
The most commonly leaked personally identifiable information type was a name. It was involved in 973 or 88% of last year’s US data infringements.
Up next is the Social Security Number (SSN). There were 556 data breaches and exposure incidents where full SSN was revealed or stolen. Such events made up nearly half of all breaches and data exposures in 2020.
The date of birth was also highly leaked personal information. In total, 428 or 39% of cybersecurity events where data was breached or exposed last year contained birth dates.
Not far behind the date of birth is a person’s current home address. It was breached and exposed in 425 cybersecurity incidents in 2020, which make up 38% of all such events last year.
Medical history completes the top 5 most commonly breached and exposed personally identifiable information types in 2020. It was compromised in 358 or 32% of last year’s cybersecurity cases.
Online security checklist
While no individual or business is completely safe from data leaks, there are some simple tips you can follow to minimize the chances of such misfortune ever happening. Always make sure to:
- Enable two-factor authentication whenever possible;
- Use complex passwords containing a combination of upper and lower case letters, numbers, and other symbols;
- Never re-use the same password for more than one account;
- Keep your software up to date;
- Never open suspicious link or emails;
- Use a VPN, such as , when online to encrypt your connection and protect your data from 3rd parties.
If you are interested to learn more about data breaches in 2020, as well as how to protect yourself against such cyber incidents, visit our previous articles on the topic: