Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

ITRC 2022 Annual Breach Report Reveals Near-Record Number of Compromises

January 25, 2023

The Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has released its 2022 Annual Data Breach Report.

According to the report, the number of data compromises in 2022 (1,802) was only 60 events short of the previously all-time high set in 2021 (1,862 compromises). The first half of 2022 saw fewer compromises reported due in part to Russian-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets. However, the number of data compromises increased steadily in the second half of 2022.

The number of victims impacted (422.1 million) increased by almost 47.5% from 2021. For 11 of the 12 months in 2022, the estimated number of data compromise victims was trending downward for the sixth consecutive year. But that trend was reversed with the news that personal information of 221 million Twitter users was available in illicit identity marketplaces.

A striking finding: Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims. According to Eva Velasquez, the President and CEO of the ITRC, the fact that data breach notices contain less information “has resulted in less reliable data that impairs consumer, businesses and government entities from making information decisions about the risk of a data compromise and the actions to take if impacted by one.”

“Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of Phishing and Ransomware. Only 34% of data breach notices included victim and attack details.

Cyberattacks remain the primary source of data breaches. The number of data breaches resulting from supply chain attacks exceeded compromises linked to malware in 2022 by 40%.

Want some good news? The number of data breaches and exposures linked to unprotected cloud databases dropped 75% in 2022 compared to the previous high point in 2020.

The ITRC also announced that, later in the first quarter of 2023, it will launch a paid data breach monitoring and alert services for businesses.

My thanks to the ITRC for providing me with a preview copy of its report.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology