There were fewer reported data breaches in 2022, according to a nonprofit that tracks them, but there were more victims. Consumer Investigative Reporter Susan Hogan has more now on what led to most of those compromises.
The Identity Theft Resource Center's (ITRC) 2022 Data Breach Report shows scammers were hard at work last year with 1,802 total publicly reported compromises.
While the number of breaches was lower than the previous year, the number of victims impacted increased by almost 41% with a total of more than 422 million.
The ITRC said the U.S. averaged about seven breach notices each business day in 2022. Most of the incidents resulted from supply chain attacks rather than compromised links to malware as in past years. That’s when hackers gain access to a business through a third-party vendor.
"Rather than attacking 100 companies, they'll attack one company that has the information from 100 companies,” said James Lee of the ITRC. “So, if you think about it for a second, it's a lot more efficient if you're the criminal. Let me just attack one group; if I can get through their security, I don't have to worry about anybody else’s security.”
We're making it easier for you to find stories that matter with our new newsletter — The 4Front. Sign up here and get news that is important for you to your inbox.
The report also found data breach notices lacking in details as to the cause of the breach. “Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of phishing and ransomware.
Top Data Breach Information Stolen:
- Name
- Full Social Security Number
- Date of Birth
- Home Address
- Driver’s License/State ID Number
There is some good news coming out of the 2022 report: The number of data breaches linked to unprotected cloud databases dropped 75%. Some states, including Maryland, updated their data breach laws requiring organizations to report more details about breaches.
