In the age of information, how safe is our personal data?
To clarify, we took a deep dive into worldwide data breaches in 2021 to see which countries were affected the most. We also took that data and compared it to last year’s statistics by country to paint a picture from a bird’s-eye view.
Some of the most notable cases this year belonged to:
The United States
Largest total number of breached users
A total of 212.4M users affected vs. 174.4M in 2020.
Biggest jump in breaches year over year
156.1M breached users in 2021 vs. 1.4M in 2020.
2021 data breach statistics overview
In general, this year was slightly worse than the last in terms of data breach cases.
In the first 11 months of 2021, a total of 952.8M accounts were breached. In contrast, 921.8M breaches happened in 2020 during the same period (a 3.4% growth, or 31M, year over year). Some of the biggest data breaches this year included COMB, Clubhouse, Facebook and Raychat.
What does this mean? It means that nearly 1 billion email accounts have been exposed in both 2020 and 2021 each. That’s 1 in 5 internet users each year that get affected by data breaches. In theory, it could take only 5 years to expose the entire internet population at this rate.
However, that won’t be the case because, as we’ll see next, data breaches are more centralized across specific countries, and accounts can be breached more than once.
The top five countries with the largest number of data breaches account for more than half of all breaches of 2021. These countries are:
- The United States of America (212.4M).
- Iran (156.1M).
- India (86.6M).
- Russia (27M).
- France (24.6M).
If you want to deep dive into data breaches in India – watch this video.
This year, just like that last, the country that topped the data breach charts was the US, with 212.4M cases.
Rises in breaches year over year dominated in the Middle East
While the US citizens were breached a total of 212.4M times (a 22% increase compared to 2020), the numbers weren’t surprising considering the number of data breaches that happened this past year.
However, the Middle East particularly stood out among the countries that grew the most breach-wise.
Leaked data suggests that more than 150 million Iranian accounts (a 10842% rise from 2020) were compromised during the 2021 Raychat.io breach. The breach pushed Iran to a number two spot because the Raychat app is one of the most popular messaging platforms in the country. However, the Raychat breach may only be a start to Iran’s new problems. 2021 has also seen an intensification of the cyberwar between Israel and Iran as it reached the civilian level, which may result in an increased frequency of data breaches across the nation in the upcoming years.
Percentage-wise, Sudan came out with the second-highest rise in breaches users of 9.2M cases this year compared to 214.6K in 2020 (a 4178% increase). The United Arab Emirates were third with 515% (from 1.5M in 2020 to 9M in 2021), followed by Iraq with a 456% increase year over year.
India also came up fifth on the growth list this year with a 352% increase from 2020. It netted a total of 86.6M user accounts stolen over 9 big data breaches in 2021, including Domino’s India and Air India cases.
On the bright side, Indonesia has seen the best year-over-year improvement in the number of breached users. The country has seen a dramatic 95% drop in breached citizens (from 84.7M in 2020 to 4.4M in 2021).
A positive outlook for the last quarter of 2021?
While 2021 has been worse than 2020 in terms of data breaches in the first three quarters, the remainder of the year seems positively promising.
We have seen a large drop in data breaches over the last three months. If this trend continues for the remainder of the year, we may see a total decrease of 8.8% in data breach numbers this year compared to the last.
Data & methodology
What sources does the study use?
Our independent partners collected loads of user data from breached databases that appeared online.
This allowed us to sort through 27,000 leaked databases and create 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.
The examined data was taken from a twelve-month period between November 2020 to November 2021. The selected data was then analyzed and compared to similar information of the year before.
What is a data breach?
In information security, a data breach is an incident in which data held by some party – a person, a company, etc. – is accessed, viewed, and potentially stolen by unauthorized third parties. In layman’s terms, a standard movie hacker accessing a database to steal secret plans would be a data breach. For our purposes, a data breach means that the intruder copied and leaked user data such as names, surnames, email addresses, passwords, etc.
How are users’ locations identified?
The data collected by our independent partners from breached databases that appear online is aggregated by data points that directly identify a user – more precisely, the email address.
For timeline accuracy, our independent partners record the actual time of the breach instead of when it becomes public. Therefore, the numbers in the past can change as new cases are reported. Data associations to specific breach instances in this study are only stipulated.
Download the full data here.
Republic of Korea
United Arab Emirates