The volume of data breaches reported in the US is on track for its lowest number since 2015, although hundreds of millions have had their details compromised so far in 2020, according to official figures.
Non-profit the Identity Theft Resource Center (ITRC) records all publicly reported breaches in the country to compile an accurate running estimate across verticals.
It claimed in a Q3 update yesterday that the volume reported so far in 2020 is 30% lower than the same period last year. In terms of individual victims, the figure is 60% lower, at 292 million.
However, the major breach at IT service provider Blackbaud may have skewed results slightly, as the single incident actually caused data loss at hundreds of customers. If this was treated as a series of events, the number of breaches so far this year would only have fallen 10% since 2019, according to ITRC.
What’s more, only a small number of breached Blackbaud clients — 58 out of 247 — have notified how many customers were affected. Currently the number stands at nearly seven million individuals affected, but it could rise significantly.
“If anyone gets a breach notice connected to the Blackbaud data breach, they should act immediately because their information could still be available,” said ITRC president and CEO, Eva Velasquez.
“Whenever someone receives a breach notice, they need to act quickly and decisively because of the risks that come with personal information being exposed.”
The non-profit also reported that cyber-attacks were the primary cause of data compromise in Q3, with phishing and ransomware the most common types. However, if the Blackbaud breach was treated as a series of incidents then supply chain attacks would come top.
A report from Risk Based Security back in August also noted a decline in the volume of reported breaches. However, although the number of breaches fell 52% year-on-year in the first half of 2020, the number of exposed records was estimated to be four-times higher than at any previous time.