17 Billion Personal Records Exposed in Data Breaches in 2023

Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report.

The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data.

Over 70% of these incidents resulted from unauthorized access that stemmed from outside the affected organization.

The researchers also observed a 429% spike in stolen or leaked personal data in the first two months of 2024 compared with the same period last year, with 1897 billion personal records and credentials compromised.

The US made up the majority (60%) of global data breaches in 2023, with 3804 reported incidents. This represents a 19.8% increase compared to 2022.

Ransomware a Major Driver of Surging Data Breaches

A major culprit for this surge in data breaches is ransomware attacks, with Flashpoint highlighting an 84% increase in documented incidents in 2023.

Additionally, the number of public ransomware attacks grew by around 23% in the first two months of 2024 compared to the same period in 2023, reaching 637.

The LockBit gang claimed 1049 victims last year, representing over a fifth of all known ransomware attacks in 2023, according to the report.

The prolific ransomware actor’s infrastructure was disrupted by global law enforcement in February 2024 during Operation Cronos.

The researchers also noted that the Clop ransomware group’s exploitation of a vulnerability in the MOVEit Transfer file transfer application, which emerged in May 2023, had a “profound” impact on the data breach landscape.

They determined that in total, the MOVEit attack was responsible for 19.3% of all reported 2023 data breaches. This figure includes organizations that had data stolen via third parties in their supply chain.

Public ransomware victim posts by week in 2023. Source: Flashpoint

The sector most targeted by ransomware last year was construction and engineering (18.7%), with 416 public incidents. This was followed by professional services (13.7%), internet software and services (13.2%) and healthcare providers and services (12.29%).

Overall, ransomware and unauthorized access made up 85% of all publicly disclosed data breaches.

Record Vulnerability Disclosures and Exploits

The report found that 2023 marked a high in vulnerability disclosures, reaching a total of 33,137.

Of these, over half (52%) scored high to critical (7.0-10.0) in severity under the Common Vulnerability Scoring System (CVSS), providing a key avenue for attacks like ransomware to take place.

Source: Flashpoint

Flashpoint researchers said they documented over 100,000 vulnerabilities that the Common Vulnerabilities and Exposures (CVE) system failed to report, many of which affect major companies such as Google and Microsoft.

They therefore estimate that organizations strictly relying on CVEs are likely unaware of nearly a third of known vulnerability risk.
