Skip to main content
close search
site logo

US data compromises surged to record high in 2023

Breached organizations are withholding critical information more often than ever, underscoring a trend toward opaque notices, the Identity Theft Resource Center said.

Published Jan. 25, 2024
Matt Kapko's headshot
Senior Reporter
The red lock and its structure explode in a digital computer setting.
TU IS via Getty Images

Data compromises were more abundant and organizations were less forthright about the root cause of cyberattacks throughout 2023, according to the Identity Theft Resource Center’s annual data breach report.

The number of data compromises reported in the U.S. last year jumped 78% to a record high of 3,205 incidents, the non-profit organization said Thursday. These compromises ultimately impacted more than 353 million victims, including individuals affected multiple times.

“The sheer scale of the 2023 data compromises is overwhelming,” ITRC CEO Eva Velasquez said in the report.

Specific details about the attack vector were missing from 44% of all data breach disclosures last year. This underscores a trend toward opaque breach notices, ITRC said. The percentage of disclosures without this critical information grew from a ratio of 40% in 2022.

Federal cyber authorities and researchers conduct root-cause analysis and share indicators of compromise to help organizations to hunt for malicious activity and bolster defenses against specific threats.

The FBI and Cybersecurity and Infrastructure Security Agency consistently encourage victim organizations to share more information, as a lack of reporting hinders law enforcement’s ability to take action.

The growing lack of transparency from breached organizations extends beyond the root cause. Actionable notices, those containing victim counts and attack vector details, declined from 60% in 2022 to 54% in 2023, the ITRC report found.

U.S. publicly traded companies played an outsized role in the number of personal records exposed by data breaches.

These businesses were linked to 1 in 10 incidents in 2023, yet accounted for 2 in 5 data compromise victims, according to ITRC. Public companies were also just as likely to withhold information about an attack in data breach disclosures.

The Securities and Exchange Commission instituted new cyber incident reporting rules at the end of 2023, which require companies to report material cyber incidents within four business days of determination. The mandate is widely expected to result in a flood of additional disclosures. 

Most of the breaches and data compromised in 2023 were the result of cyberattacks, the report found.

Almost every industry reported a year-over-year increase in data compromises last year. Healthcare continued to lead all industries in total data compromises, followed by financial services, professional services and manufacturing.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell