Supply chain attacks caused more data compromises than malware
The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center. However, data compromises steadily increased in the second half of 2022.
The number of victims impacted (422.1 million) increased by 41.5% from 2021. For 11 of the 12 months in 2022, the estimated number of data compromise victims was trending downward for the sixth consecutive year. However, that trend reversed with news that the personal information of 221 million Twitter users was available in illicit identity marketplaces.
Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims. “Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of phishing and ransomware. 34% of data breach notices included victim and attack vector details.
Cyberattacks remain the primary source of data breaches. The number of data breaches resulting from supply chain attacks exceeded compromises linked to malware in 2022. Malware is often viewed as the core of most cyberattacks. However, in 2022, supply chain attacks surpassed the number of malware-based attacks by 40%.
According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyberattacks affected 4.3 million people.
Data compromises 2022: The good news
There is some good news in the 2022 statistics. The number of data breaches and exposures linked to unprotected cloud databases dropped 75% in 2022 compared to the previous high point in 2020. Also, physical attacks continued a multi- year downward trend, dropping to 46 out of 1,802 compromises.
“While we did not set a record for the number of data compromises in the U.S. last year, we came close,” said Eva Velasquez, CEO of the Identity Theft Resource Center.
“These compromises impacted at least 422 million people. These numbers are only estimates because data breach notices are increasingly issued with less information. This has resulted in less reliable data that impairs consumers, businesses and government entities from making informed decisions about the risk of a data compromise and the actions to take if impacted by one. People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a “scamdemic” of identity fraud committed with compromised or stolen information,” added Velasquez.