The ITRC issued its Q1 2023 Data Breach Analysis today. One finding: the lack of actionable information in data breach notices continues to grow.

According to the press release from the Identity Theft Resource Center (ITRC), there were 445 publicly reported data compromises in the Quarter, a 13 percent decrease compared to the previous Quarter (512 compromises). And the number of victims (89,140,686) decreased a whopping 64 percent over that same span (252,778,204 victims)!

Good news, right?

Not necessarily. Q4 of 2022 was the highest number of victims by far in the past 2+ years. Q1 numbers tend to be lower generally and the Q1 of 2023 number is still more than 3 1/2 times the Q1 2022 number (26,768,211) and more than double the Q1 2021 number (41,254,479).

Also, the lack of actionable information in data breach notices may be impacting those numbers. the number of data breaches with no actionable information about the root cause of the compromise grew to 187 in Q1 2023 compared to 155 in Q1 2022 and just five(!) in Q1 2021.

According to Eva Velasquez, President and CEO of the ITRC: “Among the top ten breaches we saw in Q1, 60 percent did not include information about the root cause of the event, compared to 40 percent in Q4 2022. This means individuals and businesses remain at a higher risk of cyberattacks and data compromises.””

Two other notable findings in the Q1 2023 Data Breach Analysis:

• For the third consecutive quarter, the Healthcare industry reported the most data compromises among the top ten compromises in Q1 2023. Eight of the top ten compromises impacted more than one million people.
• Supply chain attacks continued to be a significant attack vector for threat actors seeking personal information in Q1. Of the 378 breaches attributed to cyberattacks, 53 were supply chain attacks compared to 54 ransomware attacks. Phishing remained the most common attack vector that led to a data breach (106) in Q1.

You can download the easy-to-read five-page report here.

So, what do you think? Are you concerned about the lack of actionable information in data breach notices?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.