Digital Transactions Authoritative, insightful and timely information for payments professionals
Data compromises in the U.S. market for the first three quarters of 2023 totaled 2,116, a record high for the first nine months of a calendar year, according to the Identity Theft Resource Center. The previous high was set in 2021, when 1,862 compromises were recorded over the first nine months of the year.
The record high comes despite a 22% decline in data compromises in the third quarter of 2023 from the second quarter. In the third quarter, there were 733 publicly reported data compromises, compared to 951 in the second quarter.
As data compromises fell in the third quarter, so did the number of victims, compared to a year ago. Some 66.7 million consumers were victimized by data compromises in the quarter, a 39% decrease from the same period in 2022.
Overall, the number of consumers victimized by data compromises in the first three quarters of 2023 is also down compared to a year ago. An estimated 233.9 million consumers were victimized by data compromises through September, compared to an estimated 425 million victims during the same period in 2022, a 45% decrease.
Cyberattacks continue to be the most frequently reported root cause of data breaches, with 614 notices issued in the latest quarter. More than half of the breached entities (386) did not report an attack method.
Phishing attacks were the most commonly reported attack vector used by hackers during the third quarter. Among the period’s 614 breaches, 80 were the result of phishing, followed by zero-day attacks (69), ransomware attacks (64) and malware attacks (17). Zero-day attacks occur when cyber criminals exploit a previously unknown app vulnerability for which there is no patch.
“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” says Eva Velasquez, president and chief executive of the Identity Theft Resource Center, in a statement. “There are a handful of reasons … ranging from the drastic uptick in zero-day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace.”
Financial services was the most frequently targeted industry by hackers during the third quarter, with 204 reported attacks. Healthcare was the second most frequently targeted industry, with 113 reported data compromises during the third quarter. No other industry reported attacks in the triple-digit range, the IRTC says.
