Data breaches affected 42% more Americans last year; identify theft up

The number of data breaches in 2022 was slightly less than the previous year, but the number of people whose personal data was exposed due to security breaches was significantly higher…

The data is disclosed in the annual report of the Identity Theft Resource Center (ITRC).

The number of victims affected (422.1 million) increased by almost 41.5 percent compared to 2021. For 11 out of 12 months in 2022, the estimated number of victims of data compromise has declined for the sixth year in a row. However, this trend changed when it became known that the personal information of 221 million Twitter users became available in illegal identity markets.

The report criticized the companies for providing too few details in their admissions of the data breach.

Details were suddenly missing from data breach notifications, leading to increased risk for individuals and companies, as well as uncertainty about the number of data breaches and victims. “Not Specified” was the largest category of cyberattacks leading to data breaches in 2022, after phishing and ransomware. Only 34% of data breach notifications contained information about victims and attack vectors. […]

Eva Velasquez, President and CEO of the Identity Theft Resource Center, said: “At least 422 million people have been affected by these compromises. These numbers are estimates as data breach notifications are increasingly being issued with less information. This has resulted in less reliable data that makes it difficult for consumers, businesses, and governments to make informed decisions about the risk of data compromise and the actions to take if exposed. People largely fail to protect themselves from the ill effects of data compromise, fueling an epidemic – an identity fraud “scam” carried out using compromised or stolen information.”

The biggest leak this year was on Twitter, where 221 million users were given access to some of their data. Neopets, AT&T, Cash App, and Beetle Eye rounded out the top five, with a separate Twitter hack giving the company second place on the list and sixth.

The most frequently compromised personal data was someone’s full name and social security number. This was followed by date of birth, home address, driver’s license number, medical records, bank account number, and health insurance account number. This is all primary data for those who want to commit identity theft.

As detailed in the ITRC Identity Trends and Consumer Impact 2022 reports, there has been a dramatic increase in the number of cases of identity fraud, where cybercriminals impersonate a person using stolen data and/or information obtained from accounts in social networks to apply for government benefits and open new financial and non-financial accounts. These impersonation attacks can also lead to the takeover of existing accounts.

It’s rather ironic that the ITRC asks you to fill out a form with some personal details in order to access the report, even though this isn’t actually verified, so you can jump right into the report itself.

Apple celebrated Data Privacy Day yesterday with a short film with Ted Lasso star Nick Mohammed, as well as Today at Apple sessions on privacy.

Photo: Mahdis Mousavi/Unsplash