- The number of publicly reported data breaches in the US increased by double digits year-on-year in the first three months of 2022, according to the Identity Theft Resource Center (ITRC).
- The increase represents the third successive year in which Q1 figures have exceeded those recorded 12 months previously.
- The vast majority (92%) of breaches recorded by the ITRC were traced back to cyber-attacks, with phishing and ransomware the top two causes overall.
For the third consecutive year, data breaches increased when compared to Q1 of the previous year. Despite the data breach increase, the number of victims (20.7 million) decreased 50% compared to Q1 2021 and dropped 41% compared to Q4 2021.
Fig1
“Traditionally, Q1 is the lowest number of data compromises reported each year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022 after setting a new all-time high in 2021.
Other findings include:
- Phishing and ransomware remain the top two root causes for data compromises.
- Continuing a trend from 2021, 154 out of 367 data breach notices did not include the cause of the breach, making “unknown” the largest attack vector in Q1 2022. It also represents a 40% increase in the total number of unknown breach causes compared to full-year 2021. While data breach notice updates may include more attack information, the increasing lack of transparency in the notices is a risk to organizations and consumers.
- System & Human Errors represent 8% of the Q1 2022 data compromises.
- Data breaches resulting from physical attacks such as document or device theft and skimming devices dropped to single digits (three) in Q1 2022.
- The only non-cyberattack-related attack vector in double digits during Q1 2022 was related to email or letter correspondence with 12 instances.
- Healthcare, Financial Services, Manufacturing & Utilities, and Professional Services sectors had the most compromises in Q1 2022.
(Image Courtesy: www.blog.v-comply.com)