Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released 2023 Annual Data Breach Report, its 18th edition, at the Identity, Authentication and the Road Ahead Cybersecurity Policy Forum hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC.
According to the 2023 Annual Data Breach Report, the number of data compromises in 2023 (3,205) increased by 78 percentage points compared to 2022 (1,801). The ITRC set a new record for the number of data compromises tracked in a year, up 72 percentage points from the previous all-time high in 2021 (1,860).
The number of victims impacted (353,027,892) decreased by 16 percentage points from 2022 (425,212,090). This is consistent with a general trend of the number of estimated victims dropping slightly each year due to organized identity criminals focusing on specific information and identity-related fraud and scams rather than mass attacks.
According to the 2023 Annual Data Breach Report, the number of data breach notices without specific information nearly doubled year-over-year. In 2023, more than 1,400 public breach notices did not contain information about an attack vector compared to 716 in 2022. Since 2018, the percentage of notices with actionable information has dropped from ~100 percent to 54 percent.
Other findings in the 2023 Annual Data Breach Report include:
- Nearly 11 percent of all publicly traded companies were compromised in 2023.
- Publicly traded companies withheld information about an attack in 47 percent of notices compared to 46 percent of other organizations.
- While most industries saw modest increases, Healthcare, Financial Services and Transportation reported more than double the number of compromises compared to 2022. While Healthcare led all industries in terms of the number of reported compromises in each of the past five years, Utilities companies led in the estimated number of victims in 2023.
- Most data compromises were due to cyberattacks. Phishing-related and ransomware attacks were down slightly, while Zero Day attacks jumped significantly compared to previous years.
- Supply chain attacks continue to impact more organizations and victims. The number of organizations impacted has surged by more than 2,600 percentage points since 2018. The estimated number of victims has also risen 1,400 percentage points.
“There is never any one reason why compromises go up or action you can take that will completely prevent data breaches and identity crimes,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “However, in 2022, too many businesses found themselves victimized by a compromise, and too many people found themselves in the crosshairs of these data events.”
“Rather than dwell on the past, we are focused on what we can do moving forward to reduce the impact on victims. It starts with finding ways to reduce the value of personal information to identity criminals and seeking ways to improve the breach notice process to help protect both people and businesses,” Velasquez continued. “These are startling findings, but they are a stark reminder that there is much work to be done to improve data protection and help victims recover when their personal information is misused.”