Q3 Data Compromises

Q3 Data Compromises Up from Q2, But Far From a Record High: Cybersecurity Trends

Cybersecurity Awareness Month continues with some possible good news? According to a report by the Identity Theft Resource Center® (ITRC), Q3 data compromises are up from Q2, but far off the pace of last year’s record high.

According to the ITRC’s Q3 2022 Data Breach Report analysis (available here), there were 474 publicly-reported Q3 data compromises in the Quarter, a 15 percent increase compared to Q2 this year. However, the year-to-date (YTD) number of compromises (1,291) is only 69 percent of the year-end total of 1,862 in 2021, making a record-high number of compromises in 2022 unlikely.

Still, it’s already the third highest yearly total of compromises since 2016, with one quarter to go.


And there is some bad news: The number of victims jumped 210 percent in Q3 2022 over Q2 2022, partly due to an AT&T-related breach (23M victims) and a Neopets data compromise (69M victims), which account for more than half of the YTD victim count. Also, the number of data breach notices with no information about the root cause of the compromise increased for the fourth consecutive quarter to 199 of the 419 breaches reported in Q3.

Other findings include:

  • Q3 2022 saw a 250 percent increase in supply chain attacks (1,280 entities impacted by 48 supply chain attacks) compared to H1 2022 (367 organizations affected by 44 attacks).
  • Cyberattacks (419) made up 88 percent of data breaches in Q3. Phishing attacks (124) remained the primary attack vector for the 15th consecutive quarter. Also, with non-Russian affiliated ransomware groups emerging and cryptocurrency markets less volatile, ransomware attacks rebounded slightly in Q3.
  • Malware-based attacks (13 in Q3) dropped to the lowest number in 3.75 years. They have become increasingly rare as the number of related attacks has fallen steadily from a recent high of 39 attacks in Q2 2021.

The downloadable report is a very efficient 6-page PDF chock full of informative cyber stats for you to memorize and impress your friends. Assuming your friends are impressed by that stuff. 😉

So, what do you think of the fact that Q3 data compromises are up from Q2, but 2022 is off the pace of 2021? Good news or bad news? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply