The number of publicly reported data breaches in the US increased by double digits year-on-year in the first three months of 2022, according to the Identity Theft Resource Center (ITRC).
The non-profit claimed that the increase represents the third successive year in which Q1 figures have exceeded those recorded 12 months previously.
The vast majority (92%) of breaches recorded by the ITRC were traced back to cyber-attacks, with phishing and ransomware the top two causes overall.
However, there remains a gap in reporting, as 154 data breach notices, or around 40%, did not include the root cause. This made “unknown” the largest attack vector in Q1 2022.
It represents a 40% increase in the total number of unknown breach causes compared to full-year 2021, with the ITRC warning that this lack of transparency is a risk to consumers and organizations.
System and human error represented 8% of data compromises in the period, while those resulting from physical attacks, including document or device theft and skimming devices, numbered just three.
Healthcare, financial services, manufacturing and utilities and professional services were the sectors that suffered the most breaches in Q1 2022.
Eva Velasquez, President and CEO of the ITRC, explained that Q1 typically accounts for the lowest number of data breaches in the year.
“The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022 after setting a new all-time high in 2021,” she added.
“We saw an alarming number of data breaches last year due to highly complex and sophisticated cyber-attacks that are fueling the dramatic rise in identity fraud. It is vital everyone continues to practice good cyber-hygiene, to help reduce the amount of personal information flowing into the hands of cyber-thieves.”