Data breaches and cyber attacks in 2021: 5.1 billion breached records

Welcome to our review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks.

Here, you’ll find an overview of the cyber security landscape in 2021, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches.

Overview

IT Governance discovered 1,243 security incidents in 2021, which accounted for 5,126,930,507 breached records. That represents an 11% increase in security incidents compared to 2020 (1,120).

By contrast, there was a significant decrease in the number of breached records over the same period (20.1 billion).

However, it’s worth noting that in most cases, the organisation doesn’t reveal the number of records involved, either because it doesn’t know or isn’t compelled to make the information public. As such, the true number of breached records will be considerably higher.

Meanwhile, it has long been speculated that the pandemic would negatively affect organisations’ cyber security practices, with some pointing to the data protection risks associated with remote working.

Our findings support this theory. As you can see from the chart below, we discovered far fewer incidents in the second half of the year, after COVID-19 restrictions eased in countries across the globe and people returned to the office.

In the first 6 months of the year, we found 727 publicly disclosed security incidents. It was around this time that countries across Europe began lifting their restrictions. The UK celebrated ‘Freedom Day’ on 19 July, with the end of social distancing and mask mandates, while similar decisions were made at state-level in the US.

These rulings coincided with a decrease in the number of data breaches in the second half of the year, as we discovered just 515 publicly disclosed incidents.

How security incidents occurred

In compiling our monthly lists, we distinguish between breaches caused by an organisation’s employees (‘data breaches’) and those that result from criminal hacking (‘cyber attacks’).

We also give ransomware its own category, due in part to the frequency of attacks and to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how they happen and who is to blame, as you can see in the chart below:

Cyber attacks were by far the most common type of security incident in 2021 – although this encompasses a broad range of threats. Looking at it more specifically, criminal hackers were most likely to target organisations by gaining unauthorised access to a corporate account.

Of the incidents in which the source of the breach was known, 29% occurred as a result of unauthorised access. Phishing is the most common attack vector, with fraudsters often leveraging their access to conduct ransomware attacks.

Speaking of ransomware, we discovered 401 such incidents in 2021, a 39% increase over the previous year (289).

This shouldn’t come as a surprise to anyone who followed the cyber security headlines last year; in January, the World Economic Forum listed cyber crime alongside COVID-19, climate change and the debt crisis as the biggest threats facing society in the next decade.

That statement was soon justified, with healthcare facilities and hospitals facing a barrage of attacks throughout the year.


If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.


Meanwhile, organisations suffered 292 data breaches due to employee error.

Of these, accident and negligence were the most common cause, accounting for 51% of all data breaches. This includes mistakes such as sending information to the wrong person, leaving physical or digital files in a public place or failing to install updates.

Another common cause was malicious insiders. We catalogued 47 of these incidents, which occur when a current or former employee deliberately steals sensitive data or sabotages an organisation.

They typically do this for financial gain, either using the stolen information to commit fraud or selling it to a third party, such as a competitor or a criminal hacking group.

However, some malicious insiders are motivated by revenge, which is most likely to occur when an employee has been fired or feels unvalued in their role.

We also detected 30 data breaches that occurred when physical assets were compromised. For example, we discovered several incidents of healthcare facilities leaving patients’ medical records in public spaces, often because they hadn’t been properly disposed of or because an employee took them out of the premises and misplaced them.

The biggest data breaches of 2021

It’s hard to know definitively how many personal records are compromised each year, because few publicly disclosed incidents contain this information. This is typically the case when the organisation doesn’t know or isn’t obliged to say.

However, where this information was revealed, we discovered 5,126,930,507 breached records.

The incidents that resulted in the highest number of breached records in 2021 were:

  1. Comcast (1.5 billion)
  2. Brazilian resident data leak (660 million)
  3. Facebook (533 million)
  4. LinkedIn (500 million)
  5. Bykea (400 million)

Although all of these incidents were costly, it’s worth noting that incidents with a high number of breached records aren’t necessarily the most damaging overall.

The LinkedIn breach, for example, comprised information scraped from people’s public profiles. No financial records were affected, and although attackers will almost certainly have used the information in scams designed to turn data into currency, it’s unclear how successful that was.

By contrast, the much-publicised ransomware attack on Colonial Pipeline affected a limited amount of personal data (the attackers reportedly gained access to the organisation’s systems after stealing an employee’s login credentials in a phishing attack), but the attackers were able to leverage that information to cause far greater damage.

The fuel supplier’s systems were crippled by ransomware, and it was forced to shut down its operational technology network and billing system.

As a result, petrol stations were left without fuel, and people hoarded supplies – often in buckets, plastic bags and other unsafe materials – as the crisis deepened.

It was arguably the most damaging cyber security incident of the year, with Colonial Pipeline eventually paying the attackers $4.4 million (about £3.3 million at the time) to regain access to its systems.

Which sectors are the most vulnerable?

For the third consecutive year, the healthcare and health sciences sector suffered the greatest number of data breaches. We recorded 277 incidents, which accounted for 297 million breached records.

This is concerning not just because of the sheer number of records affected but also the types of data involved. For example, depending on the nature of the incident, healthcare breaches can reveal medical issues that can affect victims’ reputations.

Likewise, healthcare data can be used to conduct fraud, launch phishing attacks and, in some cases, reveal financial data.

The public sector was the other main contributor, accounting for 263 publicly disclosed incidents. However, those breaches were larger on average, with a total of 794 million breached records.

Despite being only the fourth most breached sector, technology and media organisations were responsible for the most breached records (1.8 billion). This is mostly thanks to large-scale breaches such as those at Facebook and LinkedIn, which made up more than two thirds of that total.

Keeping your organisation secure

With 2021 now in the books, organisations must start to prepare for the challenges that await in the new year. Using the information collected here, you will have a good idea of the threats you must address and the trends to look out.

Whatever challenges you wish you address, IT Governance is here to help. That includes supporting those seeking Cyber Essentials certification or implementing an ISMS (information security management system).

We also have have a selection of staff awareness e-learning coursesdocumentation toolkitssecurity testing solutions and consultancy packages to help organisations succeed no matter what challenges await.