While cybercriminals have been busy targeting people with various flavors of COVID-19-related scams, the number of publicly reported data breaches in the United States in the first half of 2020 dropped by 33% year-on-year.

This is according to a report published by the Identity Theft Resource Center (ITRC), which also revealed that that the number of people affected by data breaches between January and June of this year plummeted 66% on a yearly basis, bringing the number of impacted individuals to some 164 million.

Attacks by external threat actors are still considered to be the most common cause of data breaches, being responsible for 404 out of a total of 540 incidents reported in the first half of this year.

However, data compromises caused by insiders are at a three-year low, with 83 such incidents reported from January to June. The center attributes this in part to the pandemic, reasoning that more people are currently working from home and have less access to corporate systems and data.

ITRC president and CEO Eva Velasquez considers the decrease in the volume of data breaches and the number of impacted individuals good news for both consumers and businesses.

“However, the emotional and financial impacts on individuals and organizations are still significant. The impact on individuals may be even more harmful as criminals use stolen personal information to misappropriate government benefits intended to ease the impact of the COVID-19 pandemic,” she added. The Federal Trade Commission as well as the Internal Revenue Service have been warning about scammers targeting individuals eligible to receive stimulus payments.

RELATED READING: Simple steps to protect yourself against identity theft

Instead of harvesting new data, ITRC says, cybercriminals are currently utilizing data from breaches dating all the way back to 2015 to fuel their COVID-19 related scams, as well as to conduct other traditional fraud activities, such as phishing campaigns and credential-stuffing attacks.

The ITRC suggests that if the trend continues and there are no sudden surges in the number of breaches, 2020 is on track to be the year with the lowest number of breaches and data exposures since 2015. But the center is skeptical that the lull will last. Once the criminals’ credential well starts running dry, Velasquez expects things to go back to ‘normal’.

“Cybercriminals will have to act to update their data at some point, which will lead to a return to more normal threat patterns. While it is too early to tell when that may occur, it likely won’t happen overnight, but breaches will gradually increase over time.”

There are multiple easy steps you can take to mitigate the risks of becoming a victim of an incident that exploits data stolen in a security breach. For starters, stop recycling your passwords and instead use a unique and strong password or passphrase for each of your online accounts. Admittedly, this is by no means an easy feat, which is why a password manager can come in handy. Another thing you can do is employ two-factor authentication to add an extra layer of security to your accounts. And finally, try to adhere to best cybersecurity practices, including by brushing up on some of the basics outlined in this article.