According to a non-profit organization that monitors publicly reported data breaches and exposures since 2005, the second quarter of 2023 saw 951 incidents of data compromise, which could make this year the worst on record. The Identity Theft Resource Center (ITRC) reported that the total number of data compromise events in the first half of 2023 was 1393, surpassing the annual totals for every year except 2021, which had 1862 incidents. This represents a 153% increase compared to the same period in 2022, affecting 156 million individuals. Although this is lower than the 424 million people impacted by data events in 2022, the figures are alarming for security professionals.
The majority (99%) of incidents in the first half of 2023 were caused by breaches, while only 12 were due to data exposures. Cyber-attacks were responsible for 75% of the incidents, while system and human errors accounted for 22%. Supply chain attacks were involved in 8% of the incidents and affected 14% of the victims. The most targeted industry was healthcare, followed by financial services.
However, the ITRC also noted that there was a lack of transparency from many breached organizations, as 534 data breaches did not provide any actionable information about the root cause of the compromise. This is a 67% increase from the previous year and hinders the ability of affected parties to take appropriate measures after an incident.
ITRC CEO and president, Eva Velasquez, commented on the new stats as “historic” and encouraged network defenders to stay alert.
“Since we started tracking data compromises in 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of data events recorded in the first six months of 2023,” she said.
“While businesses and individuals may be desensitized to constant attacks and scams that lead to breaches, it’s important to remain vigilant and practice good cyber-hygiene to make any information stolen or exposed less useful for identity criminals.”
Webcheck Security can analyze your organization’s security posture against your choice of security standards—or one our professionals can recommend for your organization—and then either work as virtual Chief Information Security Officers (CISOs) to help you secure your organization or provide you with a roadmap to close security gaps and mature your security operations. Webcheck Security can also provide enterprise-grade penetration testing services with a small-to-midsized business focus. Contact Webcheck Security today to discuss your options.