The Identity Theft Resource Center (ITRC) has released its Q3 2023 Data Breach Report, revealing a 22% decrease in publicly-reported U.S. data breach 2023 stats compared to the previous quarter, totaling 733 incidents. However, despite this decline, a concerning trend emerges as the ITRC has already surpassed the annual all-time high in data breaches set in 2021, with 2,116 breaches reported in the first nine months of 2023.
In Q3, 386 data breaches lacked an identifiable attack vector, comprising 53% of the total breaches. While the number of victims in Q3 decreased by 39% compared to the same period in 2022, with 66.7 million affected, the year-to-date total of 233.9 million estimated victims still falls short of 2022's pace, which saw 425 million estimated victims.
The report underscores cyberattacks as the primary root cause of data breaches, with 614 incidents reported in Q3. Among the reported attack vectors, phishing attacks led the pack with 80 incidents, followed closely by Zero-Day attacks at 69, surpassing ransomware (64) and malware attacks (17).
A significant concern raised by cybersecurity experts is the remarkable surge in Zero-Day attacks, reporting a staggering 1,620% increase in the first three quarters of 2023 compared to the entire year of 2022, rising from 5 to 86 incidents.
Eva Velasquez, President and CEO of the ITRC, expressed concern over the record-breaking data breaches, citing the increase in Zero-Day attacks and the emergence of new ransomware groups in the criminal landscape. The question remains, how much further will these breaches escalate?
“The Q3 2023 Data Breach Report by the Identity Theft Resource Center highlights a growing threat to CISOs and businesses. With 2116 data breaches in the first three quarters of 2023, exceeding the 2021 record, it's imperative to focus on third-party risk management and adapt to evolving attack surfaces," said Paul Valente, CEO & Co-Founder, VISO Trust. “The rise in zero-day attacks and supply chain vulnerabilities, as exemplified by the MOVEit software campaign, underscores the growing urgency for robust cybersecurity measures. Organizations should also prioritize transparency, as 53% of breaches lack explanations about the initial attack vectors.”
The report also highlights supply chain attacks affecting numerous entities, even those not directly targeted. Over 1,000 organizations reported data compromises due to attacks on 87 organizations, including third parties using MOVEit file transfer software.
As of September 30, 344 U.S. organizations were impacted by vulnerable MOVEit products, with 79 directly affected by attacks on MOVEit software or services. Four of the top ten compromises in Q3 were related to MOVEit attacks.
###