Number of data breaches falls globally, triples in the US

midian182

Why it matters: A recent study investigating data breaches throughout 2023 reveals a total of 299.8 million accounts were compromised across the year. While this figure is alarmingly high, it represents an 18% reduction from the 366.7 million breached accounts in 2022. Despite this global decrease, the situation in the United States has worsened, with the number of breaches tripling, positioning it as the world's most frequently targeted country.

The Global data breach statistics report comes from Surfshark, which counts every leaked email address used to register for online services as a separate user account.

The biggest takeaway, beyond the number of breaches falling 18% last year, is that a third of the nearly 300 million compromised users were of American origin.

The number of breaches in the US increased from 30.9 million to 96.7 million in 2023. Russia, meanwhile, saw a 27% decline in its breaches, dropping from 107.7 million to 78.4 million, moving it from the top spot to second place.

Europe was the region most affected by breaches – 39% of accounts breached last year were European.

Russia was the top country based on breach density, which is calculated by dividing a nation's total number of breaches by its population, indicating the likelihood of someone becoming a victim. The US was in second place based on this metric, with 285 accounts per 1,000 residents compromised.

Surfshark also collated the biggest breaches of 2023. The LinkedIn incident reported in August was the largest, with 11.4 million emails compromised. The next four were Russian services, with Duolingo's breach that affected 2.6 million emails in sixth place.

A different group, the Identity Theft Resource Center (ITRC), released a similar report that focuses only on the US. It states that the total number of breaches went up 43% YoY in 2023, though the total number of victims declined 16%.

ITRC notes that T-Mobile was the biggest incident, with 37 million victims impacted, while healthcare was the most-targeted industry. This backs up Omdia's report in January that showed healthcare suffered more cyberattacks than any other sector last year.

As for specific attack vectors, cyberattacks were the most popular, followed by system and human errors, physical attacks, and supply chain attacks.


 
So those numbers could justify USA putting more money on its own cyberwarfare structure. Just like it's done in other war domains. Interesting.
 
So those numbers could justify USA putting more money on its own cyberwarfare structure. Just like it's done in other war domains. Interesting.
Russians attack US infrastructure more and more, therefore US has to spend more on defense. What's so interesting about it? You really wanna see a conspiracy in everything, don't you?
 
That's fine because it's probably the only way they'll move on security. Companies and people love to wait til the last second or when it's too late before doing something about a serious problem. I would expect nothing less.
 
Russians attack US infrastructure more and more, therefore US has to spend more on defense. What's so interesting about it? You really wanna see a conspiracy in everything, don't you?
Ok I wasn't too serious about that...

But back to the topic, it seems like growth in cloud services made the attack surface bigger.

That might be the cause. Still it's interesting how cyberwarfare is shaping, I don't mean it's good for any country, just that it's interesting.
 
Other countries are upgrading their internet infrastructure for protection, whereas the Americans are not upgrading to appease their shareholders.
 
Other countries are upgrading their internet infrastructure for protection, whereas the Americans are not upgrading to appease their shareholders.
Speaking from experience, it's more like wait until attacked, then invest money in proper security or in "security" that grinds every PC in the company to a halt.

AFAIK, the prime vectors are still BS e-mail sent to dumb users to make those dumb users think that someone has submitted a fraudulent order or something similar. I get phishing e-mails like that regularly, but not too frequently.
 
So those numbers could justify USA putting more money on its own cyberwarfare structure. Just like it's done in other war domains. Interesting.
I agree, however, speaking as an American citizen, IMO, those in government are so dysfunctional right now that no one can take a crap much less figure out what cyber security is because they are too busy trying to pwn each other - you know, the "truly important stuff" is what they are spending their time doing.
 
Russians attack US infrastructure more and more, therefore US has to spend more on defense. What's so interesting about it? You really wanna see a conspiracy in everything, don't you?
Honest question, are the Russians going out of their way to place signature hacks on all these breaches with record sanctions and all, or are they being used as a scapegoat for the war effort? 🤔
 
Honest question, are the Russians going out of their way to place signature hacks on all these breaches with record sanctions and all, or are they being used as a scapegoat for the war effort? 🤔
Easy to check - see where the ransomware thugs are located and/or what language they use, like this one - https://www.techspot.com/news/102062-ransomware-group-has-stolen-almost-200gb-data-epic.html, and you will see a pattern... or just check the top 10 biggest ransomware groups. I think you can start with a black cat...
 