As reported by the Identity Theft Resource Center, the first half of 2022 saw fewer compromises reported, owing in part to Russian-based cybercriminals being distracted by the war in Ukraine and volatility in cryptocurrency markets.
However, data compromises rose substantially in the second half of 2022.
The number of victims (422.1 million) has increased by 41.5% since 2021. For the sixth year in a row, the estimated number of data compromise victims fell in 11 of the 12 months of 2022. This trend was reversed when it was revealed that the personal information of 221 million Twitter users was available in illegal identity marketplaces.
Other discoveries
Data breach alerts suddenly lacked details, putting individuals and businesses at risk and creating uncertainty about the number of data breaches and victims. In 2022, the most common type of cyberattack leading to a data breach was "not specified," followed by phishing and ransomware. 34% of data breach notices included information about the victim and the attack vector.
Cyberattacks continue to be the leading cause of data breaches. In 2022, the number of data breaches caused by supply chain attacks surpassed compromises caused by malware. Malware is frequently regarded as the heart of most cyberattacks. However, supply chain attacks outnumbered malware-based attacks by 40% in 2022.
According to the report, supply chain attacks targeting 1,743 entities affected more than 10 million people. In comparison, 4.3 million people were affected by 70 malware-based cyberattacks.
The good news about data compromises in 2022
The statistics for 2022 comprise some encouraging news. When compared to the previous high point in 2020, the number of data breaches and exposures linked to unprotected cloud databases decreased by 75% in 2022. Physical attacks also continued their multi-year decline, dropping to 46 out of 1,802 compromises.
“While we did not set a record for the number of data compromises in the U.S. last year, we came close,” said Eva Velasquez, CEO of the Identity Theft Resource Center.
Velasquez added, “These compromises impacted at least 422 million people. These numbers are only estimates because data breach notices are increasingly issued with less information. This has resulted in less reliable data that impairs consumers, businesses and government entities from making informed decisions about the risk of a data compromise and the actions to take if impacted by one. People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a “scamdemic” of identity fraud committed with compromised or stolen information.”