There have been over 233 million victims of data breaches so far in 2023, the Identity Theft Resource Center (ITRC) said on Wednesday.
The ITRC’s Q3 2023 Data Breach Analysis report shows that data breaches continue to grow at a worrying rate, with the number of reported compromises until Q3 of 2023 already exceeding the previous annual record by 14%.
While the number of reported breaches has spiked significantly, there are fewer victims in 2023 compared to the previous year. The ITRC’s research shows that 66.7 million Americans fell victim to data breaches in Q3 this year, while the number was a whopping 110 million just a year ago.
“For the nine months ending September 30, 2023, there have been 2,116 data compromises reported, including 733 in the third quarter (Q3). The number of year-to-date (YTD) data compromises surpasses the previous annual record of 1,862 reported events set in 2021,” the report states.
Cyberattacks Remain the Biggest Cause of Data Breaches
Cyberattacks were the biggest root cause of data breaches in Q3 2023, with about 614 reported incidents. Phishing was the second biggest data breach catalyst (80 incidents) reported in the quarter. This includes scams like smishing and Business Email Compromise (BEC).
A new worrying trend in Q3 2023 was a sharp rise in zero-day attacks. The ITRC’s report states that zero-days were behind 69 incidents, compared to just two in the same period last year. There were only five such incidents in all of 2022.
Vulnerable MOVEit file transfer products made up a huge chunk of the security incidents affecting U.S. companies. In fact, this vulnerability was behind one of the largest supply chain cyberattacks ever recorded.
“So far in 2023, 344 U.S. organizations have been impacted by a single or multiple vendor(s) using a vulnerable MOVEit product. An additional 79 organizations have reported being directly impacted by attacks against MOVEit software or services. Four of the top ten compromises in Q3 were related to a MOVEit attack,” the report states.
Ransomware and malware continued to be significant attack vectors during the quarter.
Financial Services, Healthcare Organizations Most Targeted
Organizations in the financial sector reported the most breaches (204), followed by those in the healthcare sector (113). Interestingly, reporting by finance companies increased significantly over previous years. In 2021 and 2022, the total number of incidents reported in the third quarter stood at 135 combined.
No other sector had data breach reports in the triple digits this year. HCA Healthcare, Inc. faced the biggest breach, with 11,270,000 people affected.
Despite the number of incidents going up significantly in 2023, fewer people have fallen victims compared to last year.
