The Weekly Breach Breakdown Podcast by ITRC - Q1 Data Breaches - S3E11

Show Transcript

Q1 Data Breach

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 15, 2022.  Each week, we look at the most recent events and trends related to data security and privacy. This week, the ITRC published its analysis of the U.S. data compromises reported in the first quarter of 2022. Before we get to the Q1 2022 data breach numbers, let’s briefly revisit what happened in 2021.

What Happened in 2021

Last year was the highest number of data compromises recorded since the ITRC started tracking data breaches in 2005. We ended 2021 with 1,862 publicly reported compromises of all types, including 1,613 data breaches caused by cyberattacks. That translates into 87 percent of all compromises being caused by a cyberattack.

The number of data compromise victims for the whole year totaled 295 million individuals, a five percent drop from 2020. That means the trends, as we began 2022, pointed to rising cyberattacks leading to data breaches, but fewer individuals being the ultimate target of the cyberattacks. Which begs the question – what happened in the first three months of 2022?

What Happened in Q1 2022

A few quick stats:

• Publicly reported data compromises totaled 404 through March 31, 2022. That’s a 14 percent increase compared to Q1 2021.
• However, the number of individual victims dropped in the first quarter. The 20.7 million victims in this reporting period are ~50 percent lower than Q1 2021 and a 41 percent drop from Q4 2021.
• Phishing and Ransomware remain the #1 and #2 root causes of data compromises; System & Human Errors represent ~ eight (8) percent of the Q1 2022 data breaches. Data compromises resulting from physical attacks such as document or device theft and skimming devices were, at one time, the root cause of the majority of data compromises. There were only three (3) in Q1 2022.

What Do the Q1 2022 Data Breach Stats Mean?

Traditionally, Q1 is the lowest number of data breaches reported each year. However, Q1 of 2022 begins with the highest number of data compromises in the first quarter in the past three years.

Cyberattacks that lead to data compromises continue to increase, representing ~92 percent of all data compromises.

Phishing and related attack vectors, ransomware, and malware remain the top three root causes of cyberattack-related data breaches.

However, that’s a little misleading. Continuing a trend that emerged in 2021, 154 out of 367 data breach notices in Q1 2022 did not include the cause of the breach. That makes “unknown” the single largest attack vector in Q1. That also means that we’ve already surpassed the number of breaches with unknown causes reported last year, which was only 110.

Breach notice updates may include more attack information down the road, but the increasing lack of transparency in breach notices represents a risk to organizations as well as individual consumers.

To learn more about data breaches in Q1 2022, visit our website at www.idtheftcenter.org.

Contact the ITRC

If you want to learn more about protecting your personal or business information or if you think you have been the victim of an identity crime or compromise, visit our new website at our old web address www.idtheftcenter.org. You can speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). 

Be sure to listen to the latest episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.