This year could be another record breaker for data compromise following 951 publicly reported incidents in the second quarter, a leading non-profit has warned.
The Identity Theft Resource Center (ITRC) has been tracking publicly reported data breaches and exposures since 2005.
While the figures for Q2 2023 represent a 114% increase on the previous three months, the total for the first half of the year stands at 1393 data compromise events. That’s higher than the total figure for every year but one between 2005 and 2020, the ITRC said.
It also puts 2023 on track to beat the previous all-time high of 1862 compromises recorded in 2021.
Read more on the ITRC: Identity Crimes Remain at All-Time High in 2022
The H1 2023 figure represents a 153% year-on-year increase, with breach notices impacting a staggering 156 million individuals. Although that’s some way short of the 424 million people affected by data events in 2022, the figures should be concerning for security teams.
The vast majority (99%) of incidents in the half year were the result of breaches, with just 12 data exposures recorded. Cyber-attacks accounted for 75% while “system and human error” contributed 22% of the total.
Supply chain attacks accounted for 8% of total data compromise incidents and 14% of victims.
The top industry affected by incidents was healthcare, followed by financial services.
However, the number of data breaches with no actionable information about the root cause of the compromise grew 67% to 534 in H1 2023. This is a trend bemoaned by ITRC, which argues that opacity on the part of breached organizations impairs the ability of impacted parties to make informed decisions about what actions to take in the aftermath of incidents.
ITRC CEO and president, Eva Velasquez, described the new stats as “historic” and urged network defenders to remain focused.
“Since we started tracking data compromises in 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of data events recorded in the first six months of 2023,” she explained.
“While businesses and individuals may be numb to constant attacks and scams that lead to breaches, it’s important to remain diligent and practice good cyber-hygiene to make any information stolen or exposed less useful for identity criminals.”