Data breaches are one of the worst-case scenarios for many organizations and several companies have fallen victim to significant breaches in 2023.
These incidents include T-Mobile which saw that 37 million customers had their personal and account information accessed by a malicious actor via an API attack and the DNA testing firm 23andMe confirming that millions of customers have had profile information accessed by threat actors.
However, recent findings from Surfshark’s monitoring of global data breach statistics form Q2 and Q3 of 2023 have shown some positive trends.
In this study, Surfshark treats every breached or leaked email address used to register for online services as a separate user account. Each one is counted as a breach.
In Q3 Surfshark found that 76% fewer accounts were leaked compared to Q2. The total for Q3 was 13m, compared to 133m in Q2. Overall, the third quarter saw 240 accounts breached every minute versus 1030 the previous quarter.
Top Breached Nations Q3 2023
There were also changes in the nations that were breached the most between Q2 and Q3 2023.
According to Surfshark statistics, the US, Russia and France saw noticeable decreases in the number of breaches their citizens experienced.
This indicates a positive trend. These three countries kept their Q2 rankings, except France, which moved from 4th to 3rd place. However, China and Mexico saw high increases, propelling them into 4th and 5th places.
The US remains one of the most breached countries in the world with 8.1m breached accounts — the highest number for the second quarter in a row.
Overall, the accounts of American origin accounted for over a quarter of all breached accounts in Q3 2023. However, there is positive news, and the US did see a decrease in breached accounts from 50.2m in Q2 to 8.1m in Q3.
Just behind the US sits Russia with 7.1m breached accounts in Q3. In the previous quarter Surfshark identified 34.8m accounts. Russian accounts current comprise 23% of all those breached.
France experienced 1.6m breached accounts in Q3.
In third place, France experienced 1.6m breached accounts in Q3, compared with 3.5m in Q2.
While these nations all saw a significant decrease in breached accounts in Q3 compared with Q2, China and Mexico both saw an increase.
China experienced 1.5m breached accounts in Q3, compared to 110,000 in Q2. Mexico saw 1.2m accounts breached, compared to 430k in Q2.
Europe Sees Highest Number of Breaches
Overall, all regions experienced a significant quarterly decrease in breached accounts (except South America and Antarctica).
In Q3, Surfshark found that Europe had the highest number of breached accounts at 11m, this is a notable decrease from Q2’s 48M.
However, European accounts still make up the majority of those affected globally.
North America saw the second-highest relative decrease in breached accounts over the two quarters, down from 52m to 9.5m. North American accounts comprise 30% of all leaked accounts this quarter.
North American accounts comprise 30% of all leaked accounts.
Asia saw a smaller decrease in breached accounts, down from 6m to 3.8m. This quarter leaked Asian accounts account for 12% of all breached accounts.
South America ranks 4th, with 2M accounts affected. This quarter, there were slightly more leaked South American accounts than in Q2 (which saw 1.8M leaked accounts). Despite the increase, accounts from the region comprise only 6% of all those breached.
Regarding Africa, 310,000 African accounts were breached in Q3, a drop of 70% from the 1m accounts in Q2. The region makes up just 1% of all affected accounts.
Finally, in Oceania the number of breached accounts dropped significantly from 3.3m in Q2 to 300,000 in Q3.
Are We Seeing a Data Breach Respite?
The total number of data breaches observed by Surfshark in Q3 2023 shrank by 76% compared to the previous quarter.
Despite this, 240 accounts were leaked every minute, worldwide, and we know that threat actors are innovating, collaborating and attacking in greater numbers than ever before.
While the numbers may have decrease overall, the issue has not disappeared, and it is important organizations remain vigilant when it come to the risk of data breaches.
Data breaches can bring regulatory damage to organizations. We have seen fines for data breaches skyrocket in recent years as data privacy regulators crack down on privacy violations.
In addition, having personal data exposed can cost consumers significantly as it leads them to be vulnerable to future scams and even identity theft leading to financial loss.
Many organizations who suffer major data breaches can suffer reputational damage and see stock prices decrease and customers turn away from their services.
That is why it is important to monitor data breaches and do our best to reduce their numbers all over the world, which can be achieved through good cybersecurity practices, including:
- Use multi-factor authentication (MFA)
- Introduce password management
- Ensure best practice identity and access management
- Conduct regular backups
- Have a cybersecurity awareness training program
- Develop a mature incident management plan
- Use a VPN to encrypt all your traffic and make sure the tunneling process is secure
Get Surfshark VPN and take your online security to new heights.
