The Identity Theft Resource Center’s (ITRC)
2023 Data Breach Analysis shows that the total number of data compromises in the first half (H1) of 2023 has already surpassed 2022’s total number.
The US recorded 1,393 data compromises between January 7 and June 30, 2023. The compromises that took place in H1 2023 were:
- 1,379 data breaches with 156,558,466 victims
- 12 data exposures with 78,950 victims
- 2 unknown compromises with an unspecified number of victims
Affected industries by the number of compromises in H1 2023 include:
- Healthcare – 379
- Financial Services – 241
- Other – 163
- Manufacturing and Utilities – 139
- Professional Services – 112
Every sector reported more compromises in H1 2023 compared to the same period last year, with Healthcare remaining the most vulnerable. The latest ITRC data also shows increased
vulnerability in the Financial Services sector, where the reports nearly doubled compared to H1 2022.
When it comes to the pathways used by the malicious actors to commit the attacks, numbers suggest the following:
- Cyberattacks are the most common attack vector in the first half of 2023 with 1,049 breaches and 152,075,884 victims
- System/human error is second with 311 breaches/exposures and 4,448,718 victims
- Physical attacks are responsible for 31 breaches/exposures with 112,814 victims
- System chain attacks is the least used pathway, detected in 108 breaches/exposures with 22,180,035 victims across 402 entities
T-Mobile recorded the highest number of victims in this period, with 37,000,000 customers affected. Public records site PeopleConnect is second on the list with a 20,221,007 victim count. With 11,000,000 victims, America’s largest online Asian grocery market Weee! is in third place.
Out of the 1,393 data compromises recorded in H1 2023, 951 took place in the second quarter of the year (Q2), the highest number ITRC has ever recorded in a single quarter. The most affected sectors by the number of compromises in Q2 2023 are also Healthcare and Financial Services, with MCNA Insurance Company producing the highest victim count with 8,923,662 affected clients.
While 2023 marks a record-high year, the number of victims is significantly lower compared to 2022’s 424,000,000 victim count. Still, ITRC’s H1 Data Breach Analysis indicates that current methods used by companies and the government to fight ransomware are ineffective.