After the first half of 2022, the number of data breaches for the year is on pace to fall below the all-time high set in 2021, but still exceed the 2020 total. While 53.3 million consumers were implicated by these breaches in the first six months of 2022, this is well below pace to reach the 300 million victims in 2021, however, the number is understated as 39 percent of data breach notices so far in 2022 did not include a victim count.
The Identity Resource Center is a non-profit organization and maintains the largest US aggregate of data breach information, publishing quarterly, half year and end-of-year reports summarizing data breaches, the industries where they occurred and then number of consumers they impacted.
Cyber attacks represented 90 percent of all data breaches or data compromise events in the first six months of 2022, with the remaining data breaches being attributed to system or human error, and physical attacks such as in-person theft. Cyber attacks were the root cause of 734 data breaches implicating nearly 36 million consumers where phishing and business email compromise (BEC) was the largest subcategory (219 breaches) followed by ransomware (124 breaches) and malware (46 breaches). This was the first time malware attacks declined and fell behind ransomware attacks since 2019.
The sectors that suffered the most data breaches in the first half of 2022 were health care (161 breaches) and financial services (127 breaches). In terms of the number of victims, the three most impacted sectors were financial services (22.3 million), technology (12.4 million) and healthcare (11.8 million).
For more information, see the report from the Identity Theft Resource Center: