The number of people falling victim to data breaches has fallen back from last year’s record high, according to the Identity Theft Resource Center (ITRC), a US-based non-profit that provides identity crime advice.
According to the H1 2022 Data Breach Analysis report, 2021 saw 1862 publicly reported breaches, with 851 in the first half of the year. This year saw H1 breaches drop back to 817 incidents.
More significantly, the number of victims is down some 45% compared to the first half of 2021. Researchers suggest this is partially down a switch by criminal hackers away from individuals. Instead, they are targeting businesses through vectors including supply chain attacks and business email compromise. Criminal groups appear to be focusing on companies, government agencies and institutions.
As many as 87% of data compromises so far this year resulted from cyber-attacks, according to ITRC. Phishing is the leading cause of compromise. In the second quarter of this year, 30 breaches, with just over 10 million victims, were down to system and human errors. The report attributes 10 breaches to misconfigured firewalls, nine to “correspondence,” and six to failures to configure cloud security.
For the first time since 2018, researchers found a decline in ransomware incidents. Possible explanations include the war in Ukraine and “the collapse of cryptocurrencies favored by cyber-criminals.” Ransomware attacks fell 20% from the first to the second quarter this year.
In the second quarter, phishing, smishing and business email compromise (BEC) accounted for 107 breaches, ransomware for 55 and 22 were attributed to malware. In total, these incidents accounted for 17.7 million victims.
The ITRC cautions that the raw data might not give a complete picture of the number of people affected by cyber-attacks. As many as 40% of data breach notices did not state information such as the attack vector or a victim count. It is possible that the total number of victims is higher, and totals could change with “just a handful of large breaches or a series of smaller ones,” according to the ITRC.