Near-Record Year for US Data Breaches in 2022

According to the Identity Theft Resource Center (ITRC), the volume of publicly reported data breaches remained near record levels in 2022, but consumers and businesses are frustrated by the lack of information provided by established companies.

The non-profit's 2022 Data Breach Report was compiled from company announcements, mainstream news media, government agencies, recognized security research firms and researchers, and other non-profit organizations.

The overall volume of “data breaches” for the year was 1802, the majority (1774) of which were traditional breaches. The ITRC also documented 18 data “exposures”, usually caused by cloud misconfigurations, and 10 incidents whose details are still unknown.

After last year’s all-time high of 1,862 incidents, the total volume of breaches leveled off somewhat, but the number of victims affected surged by more than 40% year-on-year to reach 422 million.

However, this is largely due to a major Twitter incident that affected more than 200 million people. Without this, the figure would have declined by 33% over this period.

The next largest breaches this year were Neopets (69 million) and AT&T Data (23 million).

Phishing and exploits remained the top attack vectors, followed by ransomware.

The ITRC also flagged a worrying increase in attacks on supply chains.

More than 10 million people were affected by attacks targeting 1,743 organizations with access to data from multiple companies, and 4.3 million people were affected by 70 malware-based cyberattacks, the report reveals.

However, the ITRC’s job has become increasingly difficult due to the increasing opacity of publicly available data breach notifications.

Only one-third (34%) of these notifications contained details of both victims and attacks in 2022, the lowest number in five years and down 50% from 2019.

ITRC CEO Eva Velasquez said in her opening remarks:

“These trends are resulting in less trust in data and undermining the ability of individuals, businesses and government officials to make informed decisions about the risk of data breaches and their subsequent response.”

This, she continued, can be explained in part by the lack of current federal breach notification laws that are appropriate for the digital age.

Most states still place the burden of determining the risk of a data breach on those impacted by a compromised organization, thereby unnecessarily exposing consumers to subsequent identity fraud “scams,” Velasquez argued.
