Consumer Identity Breach Report Shows 450% Surge in Breaches Containing Usernames and Passwords


ForgeRock, a digital identity firm, announced findings from its 2021 Identity Breach Report, revealing an unprecedented 450 per cent surge in breaches containing usernames and passwords globally. The report also found unauthorised access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43 per cent of all breaches in 2020.

Notably, unauthorised access continues to be the leading cause of breaches. Questionable yet common security practices, like sharing or reusing passwords, gave bad actors an easy path to gaining access to personally identifiable information (PII), such as date of birth and Social Security Number information, which is found in one-third of all breaches.

“For too long, usernames and passwords have been the backbone of providing people secure access to their digital lives. The findings in our identity breach report reveal that it’s time for change,” said Fran Rosch, CEO, ForgeRock. “The surge in breaches involving usernames and passwords at an astounding 450 per cent emphasises the need to adopt a strong digital identity and access management solution that offers the ability to go passwordless. It also gives companies a much better chance at reducing data exposure, as well as lowering their reputational and financial risk.”

Also Read: The Digital Maturity Model: How Does Marketing Score?

Other key U.S. findings from this year’s report include:

  • Phishing (25 per cent) and ransomware (17 per cent) were the second and third most frequent causes of breaches.
  • The average cost of a breach in the U.S. increased to $8.64 million – the highest in the world.
  • Healthcare was the most targeted industry for the second year with the highest number of breaches.
  • Mega-breaches decreased but the total number of breaches increased to 930, up from 887 in 2019.
  • The technology sector paid the highest aggregate cost of recovery from breaches at $288 billion.
  • Cybercriminals were more targeted in their quest to extort money in exchange for valuable information, honing in on specific industries in 2020.

In addition to US data breaches, ForgeRock’s Consumer Identity Breach report also highlights attacks in other regions around the world, including the United Kingdom, Germany, Australia and Singapore.