Identity Theft Resource Center’s 2022 Annual Data Breach Report Reveals Near-Record Number of Compromises

Share Article

The 2022 data compromises were the second-highest number of data events in a single year and only 60 events short of 2021’s all-time high in compromises

According to the ITRC’s 2022 Annual Data Breach Report, data compromises in 2022 were relatively flat compared to 2021.

According to the ITRC’s 2022 Annual Data Breach Report, data compromises in 2022 were relatively flat compared to 2021.

"People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a “scamdemic” of identity fraud committed with compromised or stolen information," said Eva Velasquez, President and CEO of the Identity Theft Resource Center.

Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, will release its 17th Annual Data Breach Report at the Identity, Authentication, and the Road Ahead Cybersecurity Policy Forum hosted by the Better Identity Coalition (BIC), FIDO Alliance and the ITRC.

According to the 2022 Annual Data Breach Report, the number of data compromises in 2022 (1,802) was only 60 events short of the previous all-time high set in 2021 (1,862 compromises). The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets. However, the number of data compromises steadily increased in the second half of 2022.

Download the ITRC’s 2022 Annual Data Breach Report

The number of victims impacted (422.1 million) increased by almost 41.5 percent from 2021. For 11 of the 12 months in 2022, the estimated number of data compromise victims was trending downward for the sixth consecutive year. However, that trend reversed with news that personal information of 221 million Twitter users was available in illicit identity marketplaces.

Other findings in the 2022 Annual Data Breach Report include:

  • Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims. “Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of Phishing and Ransomware. Only 34 percent of data breach notices included victim and attack vector details.
  • Cyberattacks remain the primary source of data breaches; the number of data breaches resulting from supply chain attacks exceeded compromises linked to malware in 2022. Malware is often viewed as the core of most cyberattacks. However, in 2022, supply chain attacks surpassed the number of malware-based attacks by nearly 40 percent. According to the 2022 Annual Data Breach Report, more than ten (10) million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyberattacks affected 4.3 million people.

There is some good news in the 2022 statistics. The number of data breaches and exposures linked to unprotected cloud databases dropped 75 percent in 2022 compared to the previous high point in 2020. Also, physical attacks continued a multi-year downward trend, dropping to 46 out of 1,802 compromises.

“While we did not set a record for the number of data compromises in the U.S. last year, we came close,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “These compromises impacted at least 422 million people. These numbers are only estimates because data breach notices are increasingly issued with less information. This has resulted in less reliable data that impairs consumers, businesses and government entities from making informed decisions about the risk of a data compromise and the actions to take if impacted by one. People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a “scamdemic” of identity fraud committed with compromised or stolen information.”

New Breach Alert Service for Businesses Coming Soon

Later in Q1 2023, the ITRC will launch a paid data breach monitoring and alert service for businesses. Notified for Business will allow organizations to conduct due diligence and monitor partner organizations and prospective vendors. To learn more, click here.

Anyone can receive free support and guidance from a knowledgeable live advisor by calling 888.400.5530 or visiting idtheftcenter.org to live-chat.

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.

Media Contact

Identity Theft Resource Center
Alex Achten
Director of Communications & Media Relations
888.400.5530 Ext. 3611
media@idtheftcenter.org

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Alex Achten
@IDTheftCenter
Follow >
Identity Theft Resource Center
Like >
Visit website