2023 Sets a Record for Data Compromises

We’ve still got two months to go in 2023, but this will already be remembered as a record year for data compromises.

The Identity Theft Resource Center (ITRC) says in its latest report that U.S. corporations had reported 2,116 data breaches as of the end of September. That puts the count higher than the previous annual record of 1,862, set in 2021.

There were 733 total reported compromises, affecting 66,658,764 people, in the third quarter. Financial services was the most attacked sector, topping healthcare for the first time since Q2 2022. That’s likely due to the number of financial institutions reporting data compromises spiking heavily in the third quarter. All totaled, 204 notices were issued, which is more than the 135 total of reported compromises in financial service businesses in the past two years.

Healthcare companies reported 113 data compromises in Q3.

Despite the dire news, there was some reason for optimism. The total number of victims does not appear to be on a record pace. Through the first three quarters in the year, there have been 233.9 million estimated victims, versus the 425 million at this time in 2022.

To put the YTD 2023 data into perspective, here’s a look at recent year-end data compromise numbers:

2017 – 1,506 compromises

2018 – 1,175 compromises

2019 – 1,279 compromises

2020 – 1,108 compromises

2021 – 1,862 compromises

2022 – 1,802 compromises

2023 (first nine months) – 2,116 compromises

The data breaches that companies have seen this year cast a wide net, with ransomware, phishing attacks and malware infections all included. Those can result in everything from companies being shut out of their systems, like the MGM ransomware attacks, to individuals seeing their personal information being sold on the Dark Web. Attacks tied to a vulnerability in the popular file-transfer tool MOVEit accounted for three of the five most impactful breaches in the third quarter, however, the report found.

While we’re certainly going to set an all-time record this year, the ITRC reminds people that the actual number of breaches and victims is likely much higher than what the data indicated. Transparency about attacks has been lax for some time and continues to get worse, as data breach notices, when filed, often lack details about how companies were compromised and victim details.

“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” said Eva Velasquez, president and CEO of the ITRC in a statement. “There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in Zero-Day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace. Now that we have broken the previous annual data comprise record, the question remains: by how much?”

It could be a big number. The fourth quarter has already seen a number of high-profile data breaches.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Cybersecurity Technology Companies