Better Business Bureau of Mid-South: Data breaches are increasing – The Commercial Appeal

The Identity Theft Resource Center (ITRC) has been tracking public reports of data breaches and other forms of data compromises for 20 years. The number of data compromises reached an all-time high of 3,322 in 2025, a 79% jump over five years.
The number of victims declined dramatically from 2024, or 1.36 billion down to 278.8 million, although the ITRC attributes the decline to attackers shifting from mega-breaches to more frequent, targeted attacks on high-value data repositories. It cautions that the numbers are a conservative estimate because 8% of the public breach notices it tracked didn’t include the number of people impacted.
The ITRC is concerned about a downward trend in transparency. In 2020, nearly every organization that suffered a data breach provided clear details on what happened. Only 30% did so in 2025, likely to mitigate their legal or reputational risk. But the ITRC says that makes it difficult for people and institutions to judge their own level of danger and to know what steps to take to protect themselves.
The ITRC partnered with SurveyMonkey to ask 1,040 consumers if they had received a data breach notice in the past twelve months; 80% had received a notice and almost 40% had received 3 to 5 notices. The survey found that 88% of them experienced at least one negative consequence as a result of a breach, including an increase in phishing attempts, spam email, robocalls, and/or the attempted takeover of an existing account.
The top industries suffering data compromises were, in order, financial services, health care, professional services, manufacturing and education. Professional services saw the biggest growth in attacks as a stepping stone to hacking their clients. The category includes lawyers, doctors and consultants.
Criminals are prioritizing static identifiers that facilitate long-term identity frauds as opposed to easily replaceable data like credit card numbers. Static identifiers include Social Security numbers, driver’s licenses, and bank accounts.
The ITRC offers tips to help protect yourself from being a victim of a data breach and for actions to take after receiving a notice. Protective steps include:
· Freezing Your Credit: This is the most effective way to prevent unauthorized accounts from being opened in your name.
· Adopting Passkeys: Whenever possible, use passkeys instead of passwords as they do not require businesses to store secret information that can be stolen, and you do not have to remember the passcode.
· Use a Password Manager: For accounts that still require passwords, use a manager to ensure every account has a unique, complex password (at least 12–15 characters).
· Enable Multi-Factor Authentication (MFA): Activate MFA on all sensitive accounts to add a critical layer of defense.
If you’re notified that your information has been compromised, change impacted passwords immediately. Be hyper-vigilant regarding unsolicited emails, texts or calls. Sign up for credit or identity monitoring offered by the company.
The ITRC’s tips for small businesses to help prevent breaches include:
· Implementing “Least Privilege” Access: Ensure employees only have access to the specific systems and data required for their roles.
· Mandating MFA and Passkeys.
· Conducting Regular Employee Training: Teach employees to change risky behaviors and recognize attacks.
The ITRC recommends that lawmakers and regulators mandate minimum standards for transparency in data breach notices, including disclosing the exact cause of the breach.
Randy Hutchinson President & CEO of Better Business Bureau of the Mid-South.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.