U.S. sets record for number of annual data breach events
The previous record of 1,862 compromises was set in 2021, the Identity Theft Resource Center reports. This year has seen more than 2,100 data-compromise events with three months to go.
The U.S. set a record for the number of data compromise events in a single year with 2,116, according to the Identity Theft Resource Center (ITRC), which reported this is 14% above the previous record with three months still to go.
The old record was set in 2021, which saw a total of 1,862 comprise events, the ITRC reported.
“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” Eva Velasquez, ITRC president and CEO, said in a release. “There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in zero-day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace. Now that we have broken the previous annual data comprise record, the question remains: ‘By how much?’”
There were 733 publicly reported data breaches during the most recently closed quarter, ITRC reported. This was a 22% decrease from the previous quarter’s 941 events, but around 43% higher when compared to the number of compromises in Q3 2022. The first quarter of the year saw around 440 events.
Many of the organizations impacted during 2023’s third quarter were third-party victims of supply chain attacks. The ITRC reported that 1,321 organizations reported data compromises as a result of attacks against 87 entities, many of which were victims of the MOVEit attack. During the third quarter, four of the top 10 compromises were related to the MOVEit attack.
While MOVEit impacted a large number of organizations, phishing attacks continued to be the most frequently reported cause of data breaches, the ITRC reported. Behind phishing and other email compromise attacks, ransomware was the second most frequently targeted attack vector followed by malware.
The third quarter also saw financial service providers supplant health care providers as the most attacked industry, ITRC reported. Financial institutions reported 204 notices during the period, far outpacing the 135 events the sector reported during the past two years. The health care industry reported 113 events in Q3.
Related: