This is the Identity Theft Resource Center’s Weekly Breach Breakdown for April 14th, 2023. I’m James Lee.

Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we’re going to take a look at the data breach trends for the first three months of this year, which in many respects, they look a lot like the trends in the last three months of 2022. But, that’s not necessarily a good thing.

Show Notes

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 14, 2023. Thanks to Sentilink for their support of the podcast. Each week, we look at the most recent events and trends related to data security and privacy. This week, we look at our Q1 2023 Data Breach Analysis, which breaks down all the trends from the first three months of 2023. In many respects, they look a lot like the trends in the last three months of 2022. That is not a good thing.

Q1 Sees Decrease in Publicly Reported U.S. Data Compromises

The number of publicly reported U.S. data compromises was down in Q1 2023 compared to Q4 2022445 this year versus 512 in Q4. We often see a drop in data compromises at the beginning of each year. While the decline in notices is welcome news, it is not necessarily an indicator of an annual trend. Ultimately, 2021 and 2022 had the highest and second-highest number of data compromises reported since 2005.

Data Breach Notices with a Lack of Information Grows

Most troubling, the number of data breaches with no actionable information about the root cause of the compromise grew quarter over quarter. According to the Q1 2023 Data Breach Analysis, there were 187 breach notices with no actionable information in Q1 compared to 155 notices this same time last year and only five information deficient notices in Q1 2021.

Among the top ten compromises reported so far this year, 60 percent did not include information about the root cause of the event. That compares to 40 percent in the last three months of 2022. For the third consecutive quarter, the Healthcare industry reported the most data compromises among the top ten in Q1 2023.

Less than 100 Million Victims Were Impacted in Q1

An estimated 89+M individuals were victims of data compromises in Q1 2023. Eight of the top ten compromises impacted more than 1M people. The Q1 2023 Data Breach Analysis reports that compromises in the Manufacturing & Utilities, Technology, Healthcare, and Transportation industries affected the most people, with an estimated 84+M victims.

Supply Chain Attacks and Phishing Remain Common Attack Vectors

Supply chain attacks continued to be a significant attack vector for threat actors seeking personal information in Q1. Of the 378 breaches attributed to cyberattacks, 53 were supply chain attacks compared to 54 ransomware attacks. Phishing continued to be the most common attack vector that led to a data breach in Q1, with 106 compromises linked to some form of phishing.

Top Compromises in Q1

The top compromise of the first quarter belongs to T-Mobile, with an estimated 37M victims, followed by people search data company PeopleConnect with an estimated 20M victims. You can learn more about the latest data compromise trends by downloading the ITRC’s full Q1 2023 Data Breach Analysis here or at our website, www.idtheftcenter.org/publications.

ITRC Breach Alert for Business Coming Soon

Also, the ITRC continues a beta test of a new service for businesses, Breach Alert for Business, that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”. We will have more details in the coming weeks.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the podcast. Be sure to check out our sister podcast, The Fraudian Slip, for the latest in all things compromise, crime, and fraud that impact people and businesses. We will return next week with another episode of the Weekly Breach Breakdown.