2021 is set to be a record-breaking year for data breaches, with only 238 breaches fewer than the entirety of 2017. The Identity Theft Resource Center (ITRC), a nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter of 2021.

According to the data breach analysis, the number of data breaches publicly reported in the U.S. decreased nine percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

For Q3 2021, the number of data compromise victims is 40 million higher than Q1 and Q2 2021 combined, which saw 121 million victims. The report suggests that the dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. The total number of cyberattack-related data compromises so far this year is up 27% compared to FY 2020. Phishing and ransomware continue to be the primary attack vectors.

According to the report, some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One U.S. state has not posted a data breach notice since September 2020.

Read more findings and analysis here.