ForgeRock Consumer Identity Breach Report: U.S. Breaches Cost Over $1.8 Trillion; More Than 7.8 Billion Records Exposed Over Last Two Years

Cost of data breaches in 2019 increases over 87% from 2018 

SAN FRANCISCO – June 3, 2020 – ForgeRock^®, the leading provider in digital identity, today announced findings from its ForgeRock Consumer Identity Breach Report, including that cybercriminals exposed more than 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations. Coupled with the 2.8 billion records that were exposed in 2018 costing more than $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.

Key takeaways from the report include:

• Breaches have increased dramatically, both in actual numbers and costs
• No industry is safe: Healthcare was the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45 billion. Technology firms had the highest number of records compromised from breaches with over 1.37 billion exposed
• Unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%
• Identity and Access Management technologies hold the key for protecting businesses and consumers

“When it comes to data breaches, we’re seeing the biggest cybersecurity problem continues to be an identity problem,” said Eve Maler, CTO, ForgeRock. “The Consumer Identity Breach Report’s findings demonstrate that enterprises need to increase their identity and access management maturity. The secret is democratizing data control so organizations can allow known users to hop onto authentication “express lanes” for a great experience, entrusting them with convenient consent options, and make bad actors jump through extra hoops to help prevent fraud.” 

Consistent with the 2018 Consumer Breach Report, personally identifiable information (PII) remained the most targeted data by attackers and was exposed in 98% of 2019 breaches, up from 97% in 2018.

• Unauthorized access was the most common attack vector used in 2019, responsible for 40% of breaches, followed by ransomware and malware at 15% and phishing at 14%.
• By targeting PII and leveraging unauthorized access, cybercriminals highlight how weaknesses in enterprises’ identity and access management (IAM) practices increasingly allow for greater volumes and more sensitive types of data to be pilfered.
• In fact, social security numbers (SSNs) were the most targeted type of data compromised as they were exposed in 384 breaches in 2019. 

Based on Q1 2020 data, 2020 is set to outpace 2019 in terms of records breached, despite the fact the number of breaches declining by 57%. There have been 92 data breaches affecting 1.6 billion records in Q1 2020 alone, almost 9% more records than Q1 2019. Healthcare is still the most breached industry in Q1 2020, accounting for 51% of the incidents, which may be due to attackers targeting strained healthcare organizations amid the COVID-19 pandemic. However, the most records exposed throughout Q1 2020 have been from social media firms.

Key findings:

• Following healthcare, the banking/insurance/financial industry was the second most targeted in 2019, accounting for 12% of all breaches. This is followed by education (7%), government (5%) and retail (5%).

• Social security numbers and date of birth details were the most targeted data - accounting for 37% of breached information, yet this is down from 54% in 2018.
• Name and addresses (18%) and personal health information (17%) were the second and third most breached data types, respectively.
• Medical records are the most sought-after type of PII in Q1 2020, accounting for 25% of all exposed data.

Click here to download the 2020 ForgeRock Consumer Identity Breach Report and learn more about using IAM to protect consumer data. 

Methodology
ForgeRock evaluated U.S. electronic data breaches affecting consumers that were reported between January 1, 2019 and March 31, 2020. Only breaches with a known number of consumers or records were incorporated in the report. The breaches were further categorized by industry, type of data breached and type of attack. 

About ForgeRock
ForgeRock^®, the leader in digital identity, delivers modern and comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world. Using ForgeRock, more than a thousand global customer organizations orchestrate, manage, and secure the complete lifecycle of identities from dynamic access controls, governance, APIs, and storing authoritative data – consumable in any cloud or hybrid environment. The company is privately held, and headquartered in San Francisco, California, with offices around the world. For more information and free downloads, visit www.forgerock.com or follow ForgeRock on social media: 

Facebook ForgeRock |Twitter @ForgeRock | LinkedIn ForgeRock |

Press Contact:
Kathleen See
10Fold for ForgeRock
forgerock@10fold.com