Cybercriminals shifted away from stealing individual consumers’ information in 2020 to focus on bigger, more profitable attacks on businesses, according to a report from the Identity Theft Resource Center.
The nonprofit, which supports victims of identity crime, found that the number of U.S. data breaches fell 19% in 2020 to 1,108. But the number of individual victims of such cybercrimes fell 66% compared with the year prior.
Ransomware and phishing attacks are now the preferred form of data theft because they require less effort and generate bigger payouts. The ITRC said that one ransomware attack can generate as much revenue in minutes as hundreds of individual identity theft attempts over months or years.
According to cybersecurity firm Coveware, the average ransomware payout has grown from less than $10,000 per event in 2018 to more than $233,000 per event in 2020.
However, experts urge consumers not to let down their guard.
According to the ITRC report released Thursday, even with the decline, there were still 300.5 million individuals impacted by data breaches in 2020. Although this figure may include repeats, where a person is victimized multiple times.
“People should understand that this problem is not going away,” said Eva Velasquez, ITRC’s president and CEO. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers.”
One rising trend is attacks on third parties, such as a vendor, that would yield access to multiple organizations through a single attack. Often, the organization is smaller, with weaker security measures than the companies they work for.
Additionally, the pandemic may have fueled some changes, with employees working remotely and potentially exposing their company networks to criminals. There was also an increase in unemployment fraud as cybercriminals tapped into those systems, which were overwhelmed with claims and new protocols.
Velasquez urged consumers to remain vigilant in protecting their personal and professional information. Criminals will continue to use personal information even if the means by which they obtain it has changed.
“We are not out of the woods,” she said. “It’s not time for consumers to breathe a sigh of relief.”
Related: Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report
Related: Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever

More from Associated Press
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
- Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
- China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States
- ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence
- Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades
- Executive Fired From TikTok’s Chinese Owner Says Beijing Had Access to App Data in Termination Suit
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
