Supply chain attacks rose 42% in Q1

As a result of widespread breaches, the number of individuals impacted grew more than 560%.

Total U.S. data compromises increased 12% during the first three months of 2021 when compared with the final quarter of 2020. (Credit: Melinda Nagy/stock.adobe.com)

In 2021’s first quarter, nearly 140 organizations reported being impacted by a supply chain attack, which saw an increase of 42% during the period compared with the prior quarter, according to the nonprofit Identity Theft Resource Center (ITRC).

Overall, publicly reported U.S. data compromises increased 12% during the first three months of 2021 when compared with the final quarter of 2020.

However, some 51 million individuals were impacted by a cyberattack during Q1 2021, an increase of 564%, ITRC reported. The chasm between the number of compromises and people affected was due to the spike in supply chain attacks as well as incidents that began in late 2020 and continued to unfold in the new year.

“While the number of data compromises is only up slightly, the rise in supply chain attacks is troubling,” Eva Velasquez, ITRC president and CEO, said in a release. “Supply chain, phishing and ransomware attacks reflect a broader trend that cybercriminals want to exploit multiple organizations through a single point-of-attack. The most important action people can take to help protect themselves is to exercise good cyber-hygiene habits.”

Third-party access

Vendors continued to be targeted for supply chain attacks, with 27 such incidents, which affected nearly 140 entities and more than 7.4 million people during the first quarter, ITRC reported.

While accounting for fewer than 30 occurrences during the quarter, supply chain attacks can cause widespread damage. For example, IT provider Blackbaud’s data breach has affected more than 12.8 million individuals and 555 organizations since being detected in May 2020. They can also result in a spike in claims, as expected with the MS Exchange event.

While supply chain attacks are rising at an alarming rate, the old hacker favorites of phishing and ransomware continue to be the primary root of data comprising events, ITRC found.

By sector, health care continued to be the most targeted industry during the period, with 77 breaches, according to ITRC data. Financial and professional services, education, manufacturing and technology were among the most targeted sectors, as well. Hospitality saw the least exposures, with just six in the quarter.

Related: