It's shaping up to be a bad year for data breaches. In fact, 2021 is on pace to be the worst year ever.
The number of publicly-reported data compromises in the U.S. through September of 2021 has already surpassed the total number of compromises in 2020 by 17%, according to the Identity Theft Resource Center (ITRC), a nonprofit that works to support victims of identity crime. There have been 1,291 breaches in 2021 so far compared to 1,108 breaches in 2020, and the trend is pointing to a record-breaking year for data breaches.
The all-time high for most data compromises in a single year was set in 2017 with 1,529 breaches, according to ITRC.
There were 491 publicly-reported U.S. breaches in the second quarter of 2021 and 446 breaches in the third quarter. The U.S. is now only 238 data breaches away from tying the all-time record, said Eva Velasquez, president and CEO of the ITRC, in a press release for the organization's third-quarter data breach analysis report.
A data breach is when someone accesses sensitive, confidential or protected information — like names, addresses, phone numbers or even credit card and Social Security numbers — without authority.
You've probably heard of the major data breaches of the last decade, like when 3 billion people had their birthdays, email addresses or security questions stolen during Yahoo's 2013 breach or when 150 million had their data taken via MyFitnessPal in 2018. There was Equifax, Adobe... the list goes on. Just last week, the luxury department store chain Neiman Marcus warned approximately 4.6 million online customers that their contact information, payment and virtual gift card numbers, usernames, passwords and security questions may have been taken in a May 2020 security breach.
The number of data breaches from cyberattacks so far this year is bigger than the total number of data compromises from all causes in 2020 (other types of attacks include human error and physical attacks). Two common ways cyberattacks happen are phishing, which is when cybercriminals disguise a dangerous message by pretending to be a sender you know so you'll click or download an attachment, and ransomware, a type of malware in which the hacker locks down a system and demands a fee.
These cybercriminals seem to be getting smarter and smarter by the day.
"Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase," Velasquez said in the release.
Data breaches and scams: How to protect yourself
Be careful with your passwords. If your email address and password is stolen in one data breach, it may seem like it'd be easy to change that password and move on. But with online accounts for everything from gyms to online retailers to banks, so many people use the same email address for sign-ups and reuse passwords. Don't make hackers' jobs easier. Password managers like Dashlane and 1Password can create unique, hard-to-crack passwords for each of your accounts and protect them all with just one single password you have to remember.
Keep an eye on your accounts. Monitor your online activity so that if you are impacted by a data breach, you realize right away and can change your passwords and report the problem immediately. This means regularly checking in on your credit card charges to ensure nothing seems strange, but also extends to accounts you may not think to check as often, like your 401(k). Many companies give you the option to set up alerts to assist in this monitoring. For example, credit monitoring services like CreditWise can send you notifications when your Social Security number has been used with a new name or address, or you can ask your bank to email you when a certain amount of money is withdrawn.
Don't overshare. Every time you mindlessly create an online account to go shopping or order food, you're forking over more information that could be stolen during a data breach. Before plugging in your information, ask yourself why the company needs that data and if you really need to hand it over.
Be vigilant. If your email inbox or phone are constantly full of new messages, it can be easy to get tricked by a criminal sender in disguise. Double-check that a message is actually coming from who is says it's coming from (for example, a hacker may send an email from @paypal.work.com, instead of just @paypal.com). Misspellings and poorly-written texts and emails are red flags indicating possible scams. If you're suspicious, call the company or person and ask if a message is actually from them before acting on it.
More from Money: