Join Our SMS List
Retirement

Data Breach Transparency: Struggling for Survival

• By gsswpadmin

An annual report from the Identity Theft Resource Center (ITRC) has revealed alarming statistics regarding data breaches in the United States. In 2025, there were a record 3,322 data compromises, yet consumer notifications have seen a significant decline.

According to the ITRC’s Annual Data Breach Report, the situation is dire, with the report stating that “transparency is on life support.” Despite a staggering 79% increase in data compromises over the past five years, only 30% of companies disclosed details about their breaches in 2025. This lack of transparency creates a scenario where consumers and small businesses are essentially “operating blind,” as noted by the ITRC.

Furthermore, the number of individual victim notifications plummeted by 79% in 2025 compared to the previous year. This trend suggests a shift in the tactics employed by attackers. “This divergence indicates that while attackers are more active, they have moved away from the mega-breaches of 2024, such as those involving Ticketmaster and Change Healthcare, toward more frequent, targeted attacks on high-value data repositories,” the ITRC explained.

The nonprofit organization also highlighted that many state laws do not mandate notifications if a company determines there is no risk of harm to consumers. Additionally, most states set a minimum threshold of affected individuals to trigger such notifications. As a result, the reported number of data breaches and notifications may be conservative estimates.

In response to evolving threats, hackers have altered their tactics. The ITRC’s analysis indicates a notable shift towards “static identifiers” such as Social Security numbers, driver’s licenses, and bank account information, rather than credit card details, which can be easily changed. Compromises involving these static identifiers have surged significantly over the last five years.

Moreover, hackers are increasingly retaining and reusing old data with the aid of artificial intelligence. “Hackers use AI to repackage old stolen records to launch new attacks,” said the ITRC. Notably, one of the major compromises in 2025 involved data obtained from a 2021 breach of AT&T.

Phishing, smishing (text-based phishing), and business email compromises continue to be the leading causes of data breaches in 2025. Ransomware attacks have also persisted for the second consecutive year. Additionally, the use of Bluetooth-enabled devices has facilitated an increase in physical skimming incidents.

The most important insurance news, in your inbox every business day.

Get the insurance industry’s trusted newsletter

An annual report from the Identity Theft Resource Center (ITRC) has revealed alarming statistics regarding data breaches in the United States. In 2025, there were a record 3,322 data compromises, yet consumer notifications have seen a significant decline.

According to the ITRC’s Annual Data Breach Report, the situation is dire, with the report stating that “transparency is on life support.” Despite a staggering 79% increase in data compromises over the past five years, only 30% of companies disclosed details about their breaches in 2025. This lack of transparency creates a scenario where consumers and small businesses are essentially “operating blind,” as noted by the ITRC.

Furthermore, the number of individual victim notifications plummeted by 79% in 2025 compared to the previous year. This trend suggests a shift in the tactics employed by attackers. “This divergence indicates that while attackers are more active, they have moved away from the mega-breaches of 2024, such as those involving Ticketmaster and Change Healthcare, toward more frequent, targeted attacks on high-value data repositories,” the ITRC explained.

The nonprofit organization also highlighted that many state laws do not mandate notifications if a company determines there is no risk of harm to consumers. Additionally, most states set a minimum threshold of affected individuals to trigger such notifications. As a result, the reported number of data breaches and notifications may be conservative estimates.

In response to evolving threats, hackers have altered their tactics. The ITRC’s analysis indicates a notable shift towards “static identifiers” such as Social Security numbers, driver’s licenses, and bank account information, rather than credit card details, which can be easily changed. Compromises involving these static identifiers have surged significantly over the last five years.

Moreover, hackers are increasingly retaining and reusing old data with the aid of artificial intelligence. “Hackers use AI to repackage old stolen records to launch new attacks,” said the ITRC. Notably, one of the major compromises in 2025 involved data obtained from a 2021 breach of AT&T.

Phishing, smishing (text-based phishing), and business email compromises continue to be the leading causes of data breaches in 2025. Ransomware attacks have also persisted for the second consecutive year. Additionally, the use of Bluetooth-enabled devices has facilitated an increase in physical skimming incidents.

The most important insurance news, in your inbox every business day.

Get the insurance industry’s trusted newsletter