The volume of US data breaches fell in Q1 2023, but the number of notices with no actionable information contained within grew by 20% from the previous quarter, according to the Identity Theft Resource Center (ITRC).
The non-profit tracks publicly reported data breaches and leaks in the US but has been dismayed by the growing reluctance of breached firms to share important information about incidents.
This means that those impacted can’t make accurate assessments about the risk of data compromise and what actions they should take following a breach involving their data, it argues.
The number of data breaches with no actionable information about the root cause of the compromise grew from just five in Q1 2021 to 155 a year later and 187 in Q1 2023, the ITRC revealed.
“It is troubling to see the trend of a lack of actionable information in data breaches continue from 2022,” said Eva Velasquez, president and CEO of the ITRC.
“Among the top ten breaches we saw in Q1, 60% did not include information about the root cause of the event, compared to 40% in Q4 2022. This means individuals and businesses remain at a higher risk of cyber-attacks and data compromises.”
Last year, the non-profit claimed that only a third (34%) of breaches notices included both victim and attack details, the lowest figure in five years and a 50% decline from 2019.
Read more on data breaches: Near-Record Year for US Data Breaches in 2022.
The total number of reported breaches declined 13% from the previous quarter to 445 for the first three months of 2023. The number of victims decreased 65% to 89 million.
Healthcare topped the list of most breached sectors for the third consecutive quarter, followed close behind by financial services. Incidents in the manufacturing and utilities, technology, healthcare, and transportation sectors impacted the most people, according to the report.
Velasquez claimed that the number of victims and compromises usually falls in Q1 each year.