The Weekly Breach Breakdown: Buckle Up, Cupcake – Takeaways from ITRC’s Eye-opening H1 2023 Data Breach Analysis

• According to the Identity Theft Resource Center’s (ITRC) H1 2023 Data Breach Analysis, data compromises are on a blistering pace to set a new record by year’s end. There were 1,393 data compromises reported in the first half of the year (H1), including 951 in the second quarter (Q2).
• Since 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of compromises recorded in the first six months of 2023. Also, 951 compromises in Q2 are more than the annual total of data breaches reported each year from 2005 until 2015.
• Given that the number of compromises per Quarter has been more than 350 since 2020, it is reasonable to project the total number of 2023 data events will far exceed the 2021 record-high number of 1,862. In fact, we could pass that record by the end of the next Quarter.
• Every sector reported more data compromises in H1 2023 than the previous year. “Not Specified” continued to be the leading cause of data breaches, with 532 notices lacking actionable information about the root cause of a compromise.
• To learn about the latest data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live chat on the company website, idtheftcenter.org.

Buckle Up, Cupcake

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 14, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we explore the data breach trends for the first half of 2023 in the ITRC’s H1 2023 Data Breach Analysis. To quote Captain Kirk in Star Trek – the JJ Abrams movie, not the original series – Buckle Up, Cupcake.

2023 On Pace to Set Record for Number of Reported Data Breaches

According to our H1 2023 Data Breach Analysis, in the first six months of this year, data compromises were on a blistering pace to set a new record by year’s end. The number of publicly reported U.S. data compromises was higher than the total compromises reported in every year between 2005 and 2020 except for 2017. For the H1 ending June 30, 2023, there were 1,393 data compromises reported, including 951 in the second quarter (Q2). Since 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of compromises recorded in the first six months of 2023.

We should also point out that the 951 compromises in Q2 are more than the annual total of data breaches reported each year from 2005 until 2015. Data breach patterns are difficult to predict. However, given that the number of compromises per Quarter has been more than 350 since 2020, it is reasonable to project the total number of 2023 data events will far exceed the 2021 record-high number of 1,862. There’s even a chance we could pass that record by the end of the next Quarter in September.

The Number of Financial Services Firm Data Breaches Nearly Doubled

Every sector reported more data compromises in H1 2023 than the previous year. Healthcare leads the sectors with the most compromises. However, Financial Services firms reported nearly double the number of compromises versus H1 2022.

Data Breach Notices Continue to Lack Actionable Information

According to the H1 2023 Data Breach Analysis, “Not Specified” continued to be the leading cause of data breaches in H1 2023, with 532 notices lacking actionable information about the root cause of a compromise. That’s up from 307 in H1 2022. Phishing and ransomware were the primary attack vector for cyberattacks. However, the number of malware attacks jumped 89 percent over the same period last year.

The Number of Victims Reported is Behind 2022’s Pace

While the number of compromises is on pace to set a new high-water mark, the number of victims disclosed in notices is well behind 2022’s pace. Notices in H1 2023 estimated 156 million individuals were impacted by a data compromise compared to the ~424 million people affected by data events in full-year 2022. 

However, just as in 2022, the number of victims can change dramatically with one or two data breaches. Last year, just three data breaches accounted for more than half of the year’s total estimated number of victims.

Download the H1 2023 Data Breach Analysis & Other Reports

You can learn more about the latest data compromise trends by downloading the full ITRC H1 2023 Data Breach Analysis at our website: www.idtheftcenter.org/publications.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip, for the latest in all things compromise, crimes and fraud that impact people and businesses. On last week’s episode, we had Part 2 of our discussion with Stephen Smith of Intellectual Technology, Inc. (ITI) on biometrics and the abuse of driver’s license information. We will return next week with another episode of the Weekly Breach Breakdown.