The number of data breaches in 2022 was slightly down on the previous year, but the number of people whose personal data was exposed by the security failures was significantly higher …
The data is revealed by the Identity Theft Resource Center’s (ITRC) annual report.
The number of victims impacted (422.1 million) increased by almost 41.5 percent from 2021. For 11 of the 12 months in 2022, the estimated number of data compromise victims was trending downward for the sixth consecutive year. However, that trend reversed with news that personal information of 221 million Twitter users was available in illicit identity marketplaces.
The report criticized companies for providing too little detail in their data breach admissions.
Data breach notices suddenly lacked details, resulting in increased risk for individuals and businesses, as well as uncertainty about the number of data breaches and victims. “Not specified” was the largest category of cyberattacks leading to a data breach in 2022, ahead of Phishing and Ransomware. Only 34 percent of data breach notices included victim and attack vector details […]
Eva Velasquez, President and CEO of the Identity Theft Resource Center said: “These compromises impacted at least 422 million people. These numbers are only estimates because data breach notices are increasingly issued with less information. This has resulted in less reliable data that impairs consumers, businesses and government entities from making informed decisions about the risk of a data compromise and the actions to take if impacted by one. People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a “scamdemic” of identity fraud committed with compromised or stolen information.”
The biggest breach of the year was at Twitter, where 221M users had some of their data accessed. Neopets, AT&T, Cash App, and Beetle Eye rounded out the top five – with a separate Twitter breach earning it a second listing, in sixth place.
The most commonly compromised personal data was someone’s full name and social security number. This was followed by date of birth, home address, driver’s license number, medical records, bank account number, and health insurance account number. This is all prime data for anyone wanting to commit identity theft.
As detailed in the ITRC’s 2022 Trends in Identity and 2022 Consumer Impact reports, there has been a dramatic increase in identity scams and fraud where cybercriminals impersonate an individual using stolen data and/or information gleaned from social media accounts to apply for government benefits and to open new financial and non-financial accounts. These impersonation attacks can also result in the takeover of existing accounts as well.
Rather ironically, the ITRC asks you to fill out a form with some personal data to access the report – though it doesn’t actually validate this, so you can jump directly to the report itself.
Apple yesterday marked Data Privacy Day with a short film with Ted Lasso star Nick Mohammed, as well as privacy-focused “Today at Apple” sessions.
Photo: Mahdis Mousavi/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments