Social Security Numbers (SSN) are the type of sensitive data most commonly targeted in data breaches in the United States, according to new research published today by Spirion.
Analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States revealed that 65% of all sensitive data incidents in 2021 involved SSN.
The finding was included in the data protection and privacy company’s Definitive Guide to Sensitive Data Breaches: America’s Top Leaks, Attacks and Insider Hacks. Spirion’s guide is based on the analysis of more than 1,500 data breaches involving sensitive data in the United States last year.
A total of 1,862 data compromises were reported by US organizations last year, representing a 68% increase over 2020 and making 2021 steal 2017’s title of the most prolific year on record for data breaches. ITRC data showed that 83% of the year’s incidents impacted more than 150 million individuals by exposing 889 million sensitive data records.
Personal Health Information (PHI) was the second most targeted form of sensitive data and was the focus of 41% of data incidents. The third most predated forms of sensitive data were bank account information and driver’s licenses, which were each involved in 23% of incidents.
The majority of individuals affected by sensitive data breaches in 2021 (84%) were victims of incidents in the professional and business services, telecommunications and healthcare industries. The 157 reported data breaches in the professional and business services sector impacted 52 million individuals (or 35% of total individuals). Just eight incidents in the telecommunications industry impacted 47.8 million individuals (or 32% of total individuals).
Trends identified in the guide included the emergence of supply chain and third-party attacks as a leading contributor to sensitive data compromises.
“A total of 93 third-party attacks impacted 559 organizations, exposing more than 1.1 billion data records,” said a Spirion spokesperson.
“Of these incidents, 83% contained sensitive data, revealing PII [personally identifiable information] for 7.2 million people.”
Another trend was experiencing multiple data breaches in one year – a fate suffered by more than two dozen US organizations in 2021.