Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises

The number of reported data compromises in the US in 2023 increased by 78% compared to 2022, reaching 3205 affected companies, according to the Identity Theft Resource Centre’s (ITRC’s) latest report.

The number of victims impacted by these monumental data breaches reached 353,027,892, with the total still increasing. This is another statistic that highlights the ongoing real-time threat that data breaches pose to companies and individuals.

Despite the staggering total, the ITRC stated that the number is decreasing year on year. They believe the trend, which shows the actual number of victims dropping each year, is because organized identity criminals now focus on specific information and identity-related fraud and scams, rather than mass attacks.

The ITRC’s 2023 Annual Data Breach Report highlighted the following statistics:

  • Nearly 11% of all publicly traded companies were compromised in 2023
  • Publicly traded companies withheld information about an attack in 47% of notices compared to 46% of other organizations.
  • Healthcare, Financial Services and Transportation reported more than double the number of compromises compared to 2022. While Healthcare led all industries in terms of the number of reported compromises in each of the past five years, Utility companies led in the estimated number of victims in 2023.
  • Supply chain attacks continue to impact more organizations and victims. The number of organizations impacted has surged by more than 2600 percentage points since 2018. The estimated number of victims has also risen by 1400 percentage points.

In a letter published in the report, ITRC’s CEO, Eva Velasquez, said:

“The sheer scale of the 2023 data compromises is overwhelming. Just the increase from the past record high to 2023’s number is larger than the annual number of events from 2005 until 2020 (except for 2017).”

Types of cyber-attacks

The majority of data compromises were linked to cyber-attacks. The report found that phishing-related and ransomware attacks were down slightly, while malware and Zero Day attacks jumped significantly compared to previous years. The growing awareness of big data analytics (BDA) is likely to have caused the decrease in certain types of cyber-attacks, which is a huge step forward in the fight against data compromises and cyber-attacks.

No Notice Data Breaches

Another stark finding the ITRC report uncovered was that the number of data breach notices (without specific information) almost doubled year-on-year. This is especially significant with the growth of organizations targeted by supply chain attacks.

In 2023, more than 1400 public breach notices did not contain information about an attack vector, compared with 716 in 2022. The ITRC also noted that there is a flaw in data breach notice laws, meaning there is a significant gap between organizations that lost data and those that notify victims. This is another worrying discovery within the world of big data.

Reducing the Impact of Data Breaches

The ITRC suggests immediate action be taken within three key areas, in order to help reduce the rate and impact of data breaches on individual and business victims:

  • Uniform breach notice laws: The ITRC believes that state data breach laws and federal agency regulations can be more helpful to victims by adopting uniform provisions.
  • Digital credentials & facial comparison systems: The expanded use of facial verification and digital credentials is crucial to reducing the number of identity crimes involving the use of stolen personal information.
  • Improve vendor due diligence: Understanding the risk represented by vendors is imperative, including knowing the breach history of an organization. Big data analytics education and training, through up-to-date training and attendance at big data analytics events and big data conferences, would ensure key understanding of all cyber risks and attacks.

The 2023 Annual Data Breach Report contains information on the ITRC’s new Breach Alert for Business (BA4B) service that helps organizations verify that vendors are meeting or exceeding a company’s cybersecurity policies and performance.

The ITRC’s BA4B service confirms vendors’ previous data breaches and issues quick-time alerts if a vendor is the subject of future data compromises. This aims to prevent future cyber-attacks that result in huge data breaches.