2022 Reported US Data Breaches Near-Record Highs

After Surge in 2nd Half, 1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected

After a slow start, likely due to geopolitical factors, 2022 was another bumper year for data breaches in the United States.

U.S. organizations issued 1,802 data breach notifications in 2022, affecting more than 400 million individuals, the Identity Theft Resource Center reports.

That figure is just 60 breaches shy of the 1,862 breaches in the U.S. that ITRC counted in 2021.

That near miss occurred despite a slowdown in data breach volumes during the first half of 2022. This slowdown was likely due to Russian criminals’ preoccupation with Ukraine and possibly the volatility of the crypto markets.

2022’s biggest known breaches included Twitter, with 222 million records exposed; Neopets, with 69 million victims; AT&T Data, with 23 million victims; and Cash App Investing, with 8.2 million victims.

Based on breach reports, the attributes most often exposed were victims’ names, followed by Social Security numbers, birthdates, current home addresses, driver’s license or state identification numbers, medical details, and bank account numbers.

Leading Breach Vector: Online Attacks
Breached organizations reported that the catch-all category of “online attack” was the leading culprit for data breaches in 2022, followed by phishing or business email compromise and then ransomware and malware.

In the U.S., breaches in the financial sector accounted for 9.4M individuals affected, while the healthcare sector accounted for 49.6M individuals affected.

If you have questions about IT security and preparedness or how the threat landscape is evolving, call ITPAC today.