The number of data compromises reported in the U.S. in the H1 of 2023 is higher than the total compromises reported every year between 2005 and 2020, except for 2017, according to Identity Theft Resource Center.
For the H1 ending June 30, 2023, there were 1,393 data compromises reported, including 951 in the Q2. Since 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of compromises recorded in the first six months of 2023.
Data breach patterns are difficult to predict. However, given that the number of compromises per quarter has been more than 350 since the Q4 of 2020, it is reasonable to project the total number of 2023 data events will far exceed the 2021 record-high number of 1,862.
Higher data compromises reported in H1 2023
Every sector reported a higher number of data compromises in H1 2023 compared to the previous H1. Healthcare leads the sectors with the most compromises. However, Financial Services firms reported nearly double the number of compromises versus H1 2022.
“Not Specified” continued to be the leading cause of data breaches in H1 2023, with 534 notices lacking actionable information about the root cause of a compromise, up from 319 in H1 2022. Phishing and ransomware were the primary attack vector for cyberattacks. However, the number of malware attacks jumped 89% over the same period last year.
While the number of compromises is on pace to set a new high-water mark, the number of victims disclosed in notices is well behind 2022’s pace. Notices in H1 2023 estimated 156M individuals were impacted by a data compromise compared to the ~424M people affected by data events in full-year 2022.
“The second quarter and first half of 2023 has been historic with regard to data breaches,” said Eva Velasquez, CEO of the Identity Theft Resource Center. “Since we started tracking data compromises in 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of data events recorded in the first six months of 2023. While businesses and individuals may be numb to constant attacks and scams that lead to breaches, it’s important to remain diligent and practice good cyber-hygiene to make any information stolen or exposed less useful for identity criminals.”