What Happened to Data Breaches in 2019?



Since 2005, the Identity Theft Resource Center (ITRC) has been collecting information about data breaches. While we have probably stopped counting the number of data breach notification letters we’ve received over the years, the ITRC has tallied more than 11,000 publicly reported data breaches and related events during the past 15 years.

The annual data breach report released in January 2020 shows the number of breaches was up year over year. That’s only one of the significant trends from 2019 according to Eva Casey Velasquez, the ITRC ‘s CEO and a recent guest on the BBB National Programs’ > Better Series podcast.

“One of the things that have struck me over the last couple of years is the overall number of records breached,” noted Velasquez. “I think we’re going to continue to see these massive, massive breaches with hundreds of millions of records exposed in one fell swoop. And that’s the trend that’s very disturbing to me.”  

Another trend the IRTC identified in 2019 was a rise in the number of data exposures, not breaches, when databases are left open to the internet with no password or other cybersecurity protections. Velasquez describes the difference between the two events this way: “The difference between a data exposure and a data breach is the difference between losing your wallet and having your wallet stolen.”

“Businesses have an absolutely critical mandate to put in best practices to protect this data. Sometimes it’s as simple as checking a box or not checking a box when the databases are set-up. It’s absolutely critical that businesses pay attention to that.”

Velasquez also pointed out that while the motives of businesses and hackers are vastly different, their actions are often very similar. But, new privacy laws are forcing organizations to change the way personal information is collected, used, and maintained.

“The notion that I’m just going to hover up every piece of personal information and collect it because I may be able to monetize it later is no longer a best practice for businesses. But, don’t think for a second that the thieves aren’t of the same mindset. They may not know how they’re going to monetize the data that they’ve captured but they’ll go ahead and hang on to it until the day comes that it becomes useful.”

You can learn more about data breach trends by downloading the ITRC’s 2019 End of the Year Data Breach Report. Listen to the full conversation with the ITRC’s CEO Eva Velasquez on the full episode of the BBB National Program’s < Better Series podcast.