Data Breaches in 2022 Came Close to an All-Time High

2022 wasn’t quite as bad as 2021 when it came to personal data violations, but it was about as close as you can get.

The Identity Theft Resource Center, in its 17^th annual Data Breach Report, says the number of data breaches at corporations was just 60 events short of the all-time high, which was set the previous year. All totaled, 1,802 data compromises were reported.

Ironically, Russia’s invasion of Ukraine is likely the only reason a new record wasn’t set last year. The ITRC says the first half of the year saw cybercriminals based in Russia distracted by the war, as well as the extreme volatility in the cryptocurrency markets (a critical source of funding for those operators).

While the number of attacks was slightly lower, the number of people impacted by these data breaches skyrocketed. More than 422 million people were impacted last year by identity theft, an increase of almost 41.5% from the previous year. And that’s almost entirely due to Twitter.

Through November, it appears that the number of data compromise victims would once again trend downward for the sixth year in a row. Then came news that the personal information of 221 million Twitter users had shown up on the dark web.

Worse, still, the actual number of breaches and victims is likely much higher than the ITRC’s data shows. Officials at the organization note that transparency about attacks continues to get worse.

Data breach notices, when filed, often lacked details about how companies were compromised and victim details. Only 34% of the reports, in fact, contained that information.

“In the U.S. there were an average of [nearly] seven breach notices issued each business day in 2022,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Compare that to the 356 breach notices issued each day in the European Union during 2021, the last year for which data is available...The data breach environment is worse than we know and can prove with quantifiable data. The result is individuals are largely unable to protect themselves from the harmful effects of data compromises which are fueling an epidemic – a ‘scamdemic’ – of identity fraud committed with stolen or compromised information.”

In terms of the attacks there were reported, cyberattacks remain the primary source of data breaches, but they were a bit different this year. Breaches resulting from supply chain attacks topped the number of compromises linked to malware last year by nearly 40 percent. According to report, more than 10 million people were impacted by supply chain attacks targeting 1,743 businesses.

Malware attacks, which only accounted for 70 of the total compromises, affected 4.3 million people.

While Twitter was the largest data compromise (as well as the sixth largest, with data for 5.5 million users accessed earlier in the year), it was hardly alone. Neopets saw the personal information of 69 million users exposed. And 22.8 million customers of AT&T were exposed, says the report. Samsung, DoorDash and LastPass were also victims of data breaches, but did not disclose details about what happened or who was impacted.

With information harder to come by, the ITRC to announce plans to launch a paid data breach alert service for businesses before the end of the first quarter of 2023. Called “Notified,” it aims to let businesses conduct due diligence and monitor partner organizations and prospective vendors.

“The trend away from transparency also points out the overall inadequacy of the current patchwork quilt of state data breach notification laws, many of which now date back to 2005 when virtually all breaches involved paper records, lost or stolen laptops, or data tapes lost in transit,” said Velasquez. “In 2022, cyberattacks caused 90% of all data breaches…Increasingly, it is not so much what we know, but what we do not know that is the most troubling and compelling.”

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Companies Cybersecurity