ITRC Data Breach Report: Breaches up 17%, Exposed PII Records Down 41%

Posted by Anna Kragie on Feb 7, 2020 12:46:40 PM

The Identity Theft Resource Center's annual report confirmed what we already knew about the state of data breaches: They continue to rise significantly, year-after-year. There is a bit of good news, however, within the ITRC's report: The number of PII and sensitive PII records exposed continues to drop. 

“This year’s report paints a mixed view of the landscape as we continue to work with businesses and consumers alike to thwart cyber criminals and contain their damage,” said Matt Cullina, CyberScout’s EVP of Strategic Partnerships and Managing Director of Global Markets.

“The overall increase in breaches is certainly concerning. However, the extraordinary drop in the number of records exposed and the incredible feat of cutting the sensitive PII exposed by two thirds, indicates that we may be moving in a good direction with regards to the extent of the damage associated with breaches. Businesses and consumers need to continue to be vigilant in protecting data and systems, ensuring they have current protections in place, because even non-sensitive data exposure can lead to more serious issues," he continued. 

Below is a summary of some key stats from the ITRC's annual report:


The amount of data breaches in 2019 hit 1,472, compared to the 1,257 incidents recorded in 2018. The ITRC's report found that hacking was responsible for the highest percentage of data breaches, account for 39% of incidents. Hacking was also responsible for 81% of non-sensitive records exposed. Unauthorized access was noted as the second most common breach method, accounting for 36.5 percent of the data breaches. 

The ITRC team concluded: "By October 2019, the number of data breaches reported had already surpassed the annual figure for 2018. We also saw the rise of a significant new threat - data exposure from unsecured databases – and growth of an existing tactic known as credential stuffing where data thieves use seemingly innocuous information like stolen email addresses and logins to attempt to access various kinds of accounts. Third-party vendors also continued to be a source of data breaches through accidental release or supply chain cyberattacks."

The group also noted that many of the data breach trends are gaining ground thanks to hackers having access to new types of technology that allows for greater levels of exposure, new methods for consumers and businesses to share data, and new methods that hackers have found to exploit an increased amount of digital data being shared. 

"...Unsecured data and credential stuffing attacks were facilitated by the general trend of more people having access to varying levels of technology. Additionally, users may or may not have had the knowledge to ensure they used the technology in a secure way," the report concluded. 

Below is a summary showing the impact of the increased data breaches and which methods of breaches are accounting for the most sensitive records exposed. Read the full report here.