The ITRC released its Q3 2023 Data Breach Report, showing the most data breaches in a year ever (by far) with 3 months to go!
According to the Q3 2023 Data Breach Report from the Identity Theft Resource Center (ITRC) (available for download here), there were 733 publicly-reported data compromises in the quarter, a 22 percent decrease compared to the previous quarter (941 compromises). That’s the (somewhat) good news.
However, despite the decline Quarter-over-Quarter, the ITRC passed the annual all-time high in data compromises set in 2021 (1,862), tracking 2,116 data compromises through the first nine months with three months left in the annual reporting period. That already exceeds the previous annual record of reported data events by 14 percent, with three months left in the year!
If that doesn’t explain why we need a Cybersecurity Awareness Month, I don’t know what does.
Other findings reported in the Q3 2023 Data Breach Report:
- Of the 733 compromises in Q3, 386 data breach notices did not have an attack vector (53 percent).
- Cybersecurity researchers point to the rising number of successful Zero-Day attacks as one reason for the significant rise in data compromises. The ITRC has noted a 1,620 percent increase in Zero-Day attacks reported in the first three quarters of 2023 (86) compared to all of 2022 (5).
- Supply Chain Attacks impacted many entities in Q3, even though they were not directly affected. One thousand three hundred twenty-one (1,321) organizations reported data compromises due to an attack against 87 vendors, including third parties that used the MOVEit file transfer software (which we covered here and here). As of September 30, 344 U.S. organizations have been impacted by a single or multiple vendors using a vulnerable MOVEit product. An additional 79 organizations reported being directly affected by attacks against MOVEit software or services.
- One bit of good news: The estimated number of victims is still well short of the pace from 2022 – 66.7M in Q3; 233.9M through the first nine months of 2023 compared to ~110M in Q3 2022 and 425M for the full year in 2022. More breaches, but less impact (at least so far).
The 7-page PDF Q3 2023 Data Breach Report is chock-full of graphics and statistics, which makes it a very easy read. Check it out here!
So, what do you think? Are you surprised that ITRC is already reporting the most data breaches in a year ever? Please share any comments you might have or if you’d like to know more about a particular topic.
Image created using Microsoft Bing’s Image Creator Powered by DALL-E, using the term “depiction of the reaction to a data breach using impressionism”.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.