Symantec has released its 2016 Internet Security Threat Report in which it suggests more than 500 million digital identities were stolen or exposed in 2015.
In addition, it said, fake technical support scams rose by 200% and crypto-based ransomware attacks grew by 35%.
Hackers also made more use of unknown software bugs to make sure attacks work, said the annual threat report.
It said the gangs behind the attacks had become more professional and now resembled legitimate software firms.
“They have extensive resources and highly skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director of Symantec security response in a statement.
Call centres had been set up by some gangs to make scams and cons more effective, he said.
Some of these groups were involved in tech support scams that try to trick people into paying to fix non-existent problems on their home computers. The US, UK, France, Australia and Germany were the hardest-hit by the fake support scams, it said.
Fake pop-up warnings on websites were being used by some groups to try to convince people their computer was riddled with viruses. In a small number of cases, said Symantec, people who rang to get help had ransomware installed on their computer when they let fake support staff have remote access to their PC.
Ransomware, which encrypts files on a computer that are only unlocked when victims pay a ransom, also remained popular among cybercriminals last year. The number of potential targets increased, it said, as ransomware for Apple Macs, smartphones and Linux all debuted in 2015.
Last year was also remarkable for the huge number of data breaches companies and other organisations suffered, it said. More than 500 million records of login names, passwords and other ID information went astray in the last 12 months.
In 2015, there were nine breaches that exposed more than 10 million records. By contrast, in 2014 only four breaches were this severe. One breach, of US Voter registration records, saw information about 191 million people exposed online.
Hospitals, healthcare firms and insurance companies suffered the largest number of breaches, said the report.
The ultimate number of digital identities that have been exposed could be higher, said Mr Haley, because many firms had stopped reporting exactly how much data had been lost.
“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” he said. “By hiding the full impact of an attack, it becomes more difficult to assess the risk and improve your security posture to prevent future attacks.”